Phishing Attacks Against State and Local Governments Are Surging

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year. The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.” Threat actors often use phishing to gain a foothold within an organization before launching follow-on attacks.

CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.

What 'Passwordless' Really Means for Privileged Access Management

Privileged access management (PAM) programs aim to secure the highest-risk access in an organization, including using privileged credentials like passwords, SSH keys and application secrets. So, how can PAM and identity security teams prepare for a passwordless future? The answer lies in a deeper examination of what ‘passwordless’ really means and how PAM programs are modernizing to protect new identities and environments.

GitLab Patches Critical Vulnerability Allowing Unauthorized Pipeline Jobs

GitLab has released a new series of updates to address critical security flaws in its software development platform. Among these, a severe vulnerability tracked as CVE-2024-6385 has been identified, allowing attackers to run pipeline jobs as arbitrary users. This blog will detail the nature of these vulnerabilities, their impact, and the steps GitLab has taken to mitigate them.

AI-Powered Tool Meliorator Fuels Russian Disinformation Campaigns on Social Media

Russian state-sponsored media organization RT has been using AI-powered software to generate realistic social media personas and spread disinformation for the past two years. This sophisticated tool, known as Meliorator, has been employed to target multiple countries, including the US, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel.

Massive Fraud Campaign Uses 700+ Domains to Scam Olympic Games Ticket Buyers

A large-scale fraud operation, dubbed "Ticket Heist," is exploiting over 700 domain names to sell fake tickets for the upcoming Summer Olympics in Paris. This campaign, which appears to predominantly target Russian-speaking users, extends beyond the Olympics to other major sports and music events, posing a significant risk to potential ticket buyers.

CrowdStrike Named a Customers' Choice in 2024 Gartner Voice of the Customer for Endpoint Protection Platform Report

The endpoint combines both opportunity and risk for most organizations. While an essential hub for modern business operations and the tools employees use, it also is the primary attack surface for today’s adversaries: Nearly 90% of successful cyberattacks start at the endpoint. An endpoint protection platform (EPP) is the essential foundation to a strong cybersecurity strategy.

Augmented Reality and Privacy: What You Need to Know

Sometimes, we need to escape the real world and detach from reality. In this world centered around technology, fewer people are relaxing by candlelight with a good book, and more are choosing to substitute the physical world by bringing in elements from augmented reality. Unfortunately, the privacy issues we face in the real world from companies are still present in augmented reality.

The Financial Burden of Bots on Streaming Services

Business leaders often see security as an insurance policy – a box that CISOs need to tick just in case the organization comes under attack. This makes it difficult for InfoSec decision makers to justify the cost of upgrading defenses. After all, we already ticked that box – right? But when it comes to automated attacks, it’s not a matter of “if” bots will target your business. It’s not even a question of “when”.

A stepping stone towards holistic application risk and compliance management of the Digital Operational Resiliency Act (DORA)

In today's increasingly digital world, where businesses rely heavily on technology for core operations, the European Union's Digital Operational Resilience Act (DORA) establishes a comprehensive framework to manage Information and Communication Technology (ICT) related risks and ensure business continuity for financial institutions and critical service providers.