In early August, Arctic Wolf Labs began observing a marked increase in Fog and Akira ransomware intrusions where initial access to victim environments involved the use of SonicWall SSL VPN accounts. Based on victimology data showing a variety of targeted industries and organization sizes, we assess that the intrusions are likely opportunistic, and the threat actors are not targeting a specific set of industries.

As networks become increasingly distributed, user identities are becoming a top adversary target. CrowdStrike’s 2024 Threat Hunting Report and 2024 Global Threat Report state 5 of the top 10 MITRE tactics we observed in 2023 were identity-based, and the CrowdStrike 2023 Threat Hunting Report noted a 583% year-over-year increase in Kerberoasting attacks. These findings illustrate how modern adversaries aren’t breaking in — they’re logging in.

We all know identity management and security are critical to hardening cybersecurity ecosystems. We also know that we can make it happen using the many features and functions across Active Directory (AD), Entra ID and Microsoft 365. The challenge is making sure these are deployed in a way that allows them to work seamlessly together, staying aligned even in environments where there’s fluidity and decentralization.

Read also: Japan's police arrest 18 members of a cybercrime group, FBI’s most wanted cybercriminal arrested in Italy, and more.

Cloud native applications are dominating the tech landscape for modern enterprises. A garden-variety cloud native application consists of microservices deployed in containers orchestrated with Kubernetes, and these microservices interact together via APIs. Netflix, Salesforce, and Atlassian products like Jira and Confluence are all common examples of cloud native applications.

AI is growing in power and scope and many organizations have moved on from “simply” training models. In this blog, we will cover a common system of LLM use called Retrieval-Augmented Generation (RAG). RAG adds some extra steps to typical use of a large language model (LLM) so that instead of working off just the prompt and its training data, the LLM has additional, usually more up-to-date, data “fresh in mind”.

Third-party monitoring is a critical aspect of Third-Party Risk Management as it keeps security teams informed of the organization's evolving third-party risk exposure. To learn the importance of third-party monitoring and why it should be emphasized in your TPRM program, read on.

With sophisticated cyberattacks getting more frequent every day, and regulations around data privacy tightening, businesses across Europe are facing a big challenge: How do you keep your network safe, stay ahead of threats and make sure you're compliant with the latest regulations? Enter the NIS2 Directive — a step up for cybersecurity that demands organizations be ready to face any cyber storm that comes their way.

Over the past few decades, securing remote access has become monumentally more complex. Remote work, with all of its benefits, has also furthered the threats of shadow IT and unauthorized remote access.

Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from 1995 onwards), it is generally the case that you're simply a lot less likely to encounter malware on your Mac than you are on your Windows PC.