As the manufacturing sector continues its digital transformation, Operational Technology (OT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) are becoming increasingly exposed to cyberattacks, particularly those involving ransomware.

The holiday season is just around the corner; a time of joy and celebration. However, threat actors anticipate this joyous season as much as it is by many festive revelers. In fact, cybercriminals tend to be particularly active during the holiday season, taking advantage of the distractions that come with it. The holiday season tends to witness an increase in successful attacks affecting both businesses and consumers.

2023 was a lucrative year for ransomware actors, with victim organizations paying $449.1 million in the first six months alone. Maintaining this cash stream requires frequent technique shifts, which may be why more attackers are exploiting legitimate software to propagate their malware. Abusing organizations’ existing enterprise tools can help attackers blend in while they’re doing reconnaissance, and also aids them with privilege escalation and persistence.

Excessive access rights increase the risk of cybersecurity incidents. Implementing the principle of least privilege (POPL) can help you significantly limit the attack surface and protect your organization from the financial and reputational losses that may follow a cybersecurity breach. This article aims to reveal the importance of POLP and equip you with the best practices for its effective implementation.

In this digital era, as data is produced and gathered more than ever before, the importance of data security has surged. Given the widespread use of social media, e-commerce, and other online services, individuals are sharing their personal details with numerous entities.

‍We are thrilled to welcome Bob Lyle to Riscosity as our Chief Revenue Officer. Bob is an accomplished executive with extensive GTM experience in scaling software and security companies. He will be responsible for the planning, development, and global execution of our revenue strategy as we continue to evolve our business.

On December 5th, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that confirmed the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB) agency by unknown threat actors. Exploiting this vulnerability allowed threat actors to gain access to the FCEB agency network on two separate occasions in June 2023.

During a cyber attack, malicious actors often breach an organization’s perimeter security with tactics like vulnerability exploitation and phishing. Once inside, they attempt to navigate the organization’s network to escalate their privileges and steal or encrypt data—but here they often face sophisticated endpoint detection and response (EDR) systems designed to identify and prevent this type of activity.

‍ The US Securities and Exchange Commission's complaint against SolarWinds and its Chief Information Security Officer (CISO) Tim Brown has sent shockwaves through the cybersecurity community. Solarwinds and Brown have been accused of fraud, the details of which can be found in an extensive 68-page document. ‍ This complaint, in itself a bold move, has been particularly jolting to cyber professionals given the SEC’s July 2023 regulations.