Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Malicious Google Ads Target Users Seeking Solutions to Printer Problems

Scammers are abusing Google ads to target users searching for help with printer problems, according to researchers at Malwarebytes. The malicious ads claim to offer tech support for installing drivers used by HP and Canon printers. “After clicking on a malicious ad, the website instructs you to enter your printer’s model number in order to download the required driver, which it proceeds to ‘install,’” the researchers write.

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to perform Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.

New NIST Guidelines: Rethinking Passwords

The National Institute of Standards and Technology (NIST) issued a new perspective on password management policies, recognizing that many traditional practices used to ensure password security are no longer effective. The suggested practices to eliminate include not requiring periodic password changes, reducing restrictions on special characters, and discontinuing the use of security questions for account recovery.

5 Secrets of a SOC Leader Turned Field CISO

Torq is thrilled to have Patrick Orzechowski (also known as “PO”) on board as our new Field CISO, bringing his expertise and years of experience as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. By way of introduction, below he shares his five top pieces of advice for SOC leaders facing today’s security challenges.

PROXY.AM Powered by Socks5Systemz Botnet

A year ago, Bitsight TRACE published a blog post on Socks55Systemz,a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions.

Logins Are Cheap. Peace of Mind Is Priceless.

Imagine a typical morning at an enterprise: employees, remote workers, contractors and partners log in, browsing and accessing apps and files they need to do their jobs. All seems calm. But behind the scenes, security teams face a different reality. They’re managing an explosion of high-risk identities and passwords across countless endpoints, dealing with unchecked admin rights, rising security costs and compliance pressures.

One Year of Falcon Go: Transforming Cybersecurity for Small Businesses

Small business owners are wearing more hats than ever before. Along with managing operations, sales, innovation, customer satisfaction and more, they must also stay on top of trends that can affect their business trajectory — including cybersecurity and the ever-evolving range of cyber threats.

From deals to DDoS: exploring Cyber Week 2024 Internet trends

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

Risky Business: Working with Third Parties Across the Globe

To show regional differences, BlueVoyant’s latest research report includes C-level executive responses from organizations in the U.S. and Canada, U.K., Continental Europe, and APAC. Singapore had among the lowest reported negative impacts from third-party cyber breaches, while the U.K. had the most. Regional differences play a notable role in shaping how organizations approach and handle third-party cyber risk management (TPRM).

Protecting Your Business from Web Scraping as a Service

Since the early days of the World Wide Web, automated scripts known as bots have been crawling cyberspace, collecting data for various purposes. Initially, these bots were designed to be helpful, cataloging information much like search engines such as Google and Bing do today. However, the volume of automated requests has grown significantly. Today, bots account for a substantial portion of web traffic, costing businesses considerable resources to handle unwanted or malicious requests.