Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls. “In order to deceive unsuspecting individuals into installing malware, the threat actors employ a hybrid attack using two SMS messages and a phone call,” the researchers write.

Researchers discover a new version of the Tycoon 2FA AiTM kit, a phishing attack disguises keylogger as bank payment notice, and TheMoon malware targets ASUS routers.

My perspective on how GitGuardian approaches the cybersecurity market with a focus on the long game.

In this guest blog post, Marcus Hallberg and Attila Dulovics, senior security engineers at Spotify, share a Tines workflow they built to create identity federation between GCP and AWS. As modern organizations continue their journey into the cloud, they face the complex reality of a mix of cloud providers and on-premise infrastructure. This often happens due to acquisitions being made, necessary partner integrations, or other business and technical requirements that create a multi-cloud setup over time.

Trustwave was named a Major Player in the IDC MarketScape: Worldwide Cybersecurity Consulting Services 2024 Vendor Assessment (doc # US50463223, March 2024). The report noted “The acquisition by MC2 Security Fund — the private equity fund of internationally recognized security advisory firm The Chertoff Group — successfully closed in January 2024.

Granting privileged access to an end user’s device is a common practice in organizations. Admins do it to give end users the ability to manage administrative tasks such as downloading applications and accessing resources on their devices. It can be done manually, which is cumbersome and introduces risks. Or it can be managed to improve user productivity without requiring additional IT help or intervention, so that IT can focus on higher priority tasks.

The European Union’s Network and Information Systems Directive 2 (NIS2) is a big deal for improving the EU’s cybersecurity stance. Kicked off in January 2023—with a compliance deadline of October 18, 2024—the Directive is designed to beef up cyber defences across key sectors.

The risk both to and from AI models is a topic so hot it’s left the confines of security conferences and now dominates the headlines of major news sites. Indeed, the deluge of frightening hypotheticals can make AI feel like we are navigating an entirely new frontier with no compass. And to be sure, AI poses a lot of unique challenges to security, but remember: Both the media and AI companies have a vested interest in upping the fright hype to keep people talking.

Over the years, we have seen a substantial amount of cyberattacks happening around the globe. The most infamous of them is the RaaS attack, which is taking over organizations of all sizes. An employee’s sheer negligence and lack of cybersecurity solutions put organizations at higher risk. In this article, we will share some tips that every organization needs to know in order to stay away from cyberattacks. Ransomware attacks have become prevalent in recent years and can happen to any organization.