Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf has recently observed the distribution of a trojanized RVTools installer via a malicious typosquatted domain. The domain matches the legitimate domain, however, the Top Level Domain (TLD) is changed from.com to.org. RVTools is a widely used VMware utility for inventory and configuration reporting, developed by Robware. Once the malicious installer was downloaded, the installer attempts to make outbound connections to known command and control infrastructure.

Amazon Simple Email Service (Amazon SES) is a cloud-based provider for sending transactional, marketing, and newsletter emails. Because of its role as a source of communication for organizations, Amazon SES has become a primary tool for phishing campaigns. Our latest threat roundup includes a key finding that Amazon SES is a common target in the initial stages of a cloud control plane attack.

Bumblebee is a downloader malware which has become known for its sophistication and effectiveness. The malware was first discovered in 2022 and was believed to be a tool for ransomware groups due to the developer’s close ties with Conti. Since then, it has been used in various attacks and has been delivered through multiple methods, including phishing emails, malicious documents, and SEO poisoning.

Amazon Web Services (AWS) provides two native options that can be used to back up AWS EC2 instances – AWS EBS Snapshots and Amazon Machine Images (AMIs). This blog post explains the differences between these two approaches to backup and explains when each method is optimal. NAKIVO for AWS EC2 Backup Backup of Amazon EC2 instances to EC2, AWS S3 and onsite. Anti-ransomware options. Fast recovery of instances and application objects. DISCOVER SOLUTION.

Despite advancements in security, web applications are still a problem. Attackers target web applications because they’re exposed, complex, and not as well protected as they should be. According to Verizon1, web applications are the most prevalent attack vector, with exploitations of vulnerabilities increasing by 180% in 2024.

Buy Now, Pay Later services offer a more flexible method for online purchases. Consumers aren't required to make an immediate, full payment; they can instead split the sum into a schedule that works for them. These services work similarly to credit cards but do not incur interest fees over time. Most people have seen Klarna, Afterpay, or Affirm offered on Amazon or other e-commerce websites. They are the most popular BNPL providers, but the market is steadily growing.

Privileged Access Management (PAM) works by controlling, monitoring and securing access to privileged accounts and resources through features such as credential vaulting, just-in-time access control, session management and automation. It enforces the principle of least privilege so that only authorized users and systems have access to sensitive data. Continue reading to learn more about how privileged access management works to protect your organization.

Scattered Spider, aka UNC3944, is switching the focus of its retail-oriented attacks from the UK market to the US, according to published reports. At this time, no US retailers have been named as targets, but the alleged Scattered Spider activity is a clear sign retailers in the US and worldwide need to prepare.

Owing to the rapidly evolving regulatory and operational landscape, organizations are increasingly focused on ensuring that their internal control frameworks are both resilient and adaptive. Continuous control assurance (CCA) plays a pivotal role in enhancing audit readiness, enabling companies to maintain robust compliance standards while minimizing disruption to their routine operations.

Cyber attacks, including ransomware, have never been so ubiquitous. No organization, regardless of size or industry, is truly immune to ransomware attacks. While some may have better security measures and faster recovery plans, the threat is pervasive and can impact even the most sophisticated businesses. All organizations should have robust cyber resilience strategies in place, including backup and recovery plans, to mitigate the impact of a potential attack.