Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Read also: Australia to toughen cybersecurity laws following a recent data breach, Meta cracks down on Russian disinformation, and more.

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like other C2 frameworks, we studied the Manjusaka implant/server network communications in our lab environment, and here we document some of the detection methods available. We have also open-sourced the content we describe.

The ability of a cybercriminal to place themselves between you and the connection point poses the biggest security vulnerability to public WiFi. You unknowingly communicate with the cybercriminal, who then collects and passes your information to the hotspot, rather than you connecting to the hotspot directly. While there are ways to stay protected on public WiFi, it is still advisable to avoid using it.

Vitrea View is a tool that uses the DICOM standard to view medical images. If exploited an attacker could access patient information and obtain additional access to various services associated with Vitrea View..

Trustwave announced today that it has attained Gold competency in security in the Microsoft Partner Network, a mark reached by only 1% of all Microsoft partners. This certification, awarded upon rigorous review of technical certifications and innovative solutions, represents Microsoft’s highest level of partner recognition for aligning technical expertise to customer needs.

The spotlight on cyber risk quantification (CRQ) has raised its status to the top of the hypercycle, but with fame comes scrutiny and criticism. Security analysts and practitioners debate the validity of each model framework, along with the data used when modeling cyber risk. Despite this debate, there is a unifying consensus that knowing the possible range of the financial impact of a cyber event is far more optimal than flying blind.

A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer’s computer systems. Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company’s email traffic and prevented customers from reaching its website in a failed attempt to convince the firm to rehire him at a greater salary.

Internet-connected devices (also known as “the internet of things”) are a key business enabler for modern enterprises focused on transforming their businesses and gaining competitive advantage through automation and intelligent decision-making. According to IDC, there will be over 55.7 billion connected IoT devices (or “things”) by 2025, generating almost 80B zettabytes (ZB) of data.

Welcome to October, the spookiest month of the year! No, we’re not talking cute kids dressed as their favorite cartoon character on a mission to collect a mountain of candy. That’s a treat. We’re here to talk about the tricks, and how you can keep from falling for them. That’s right, it’s Cybersecurity Awareness Month!

Arctic Wolf Labs regularly collects and analyzes data and insights from the incident response activities of Arctic Wolf’s incident response business unit, Tetra Defense. These insights, as laid out in the charts and graphs in this blog, enhance the threat detection capabilities of the Arctic Wolf Security Operations Cloud, and are leveraged by Arctic Wolf’s community of partners.