Today, the average application contains thousands of moving parts. Organizations deploy to multi-cloud environments with containers and microservices, using a combination of code written by internal teams, generated by AI, and curated by third parties. Security teams face a tall order in keeping these complex applications secure, especially given the increasing number of software supply chain attacks.

Elastic 8.14 is now available! This release supports our mission to modernize security operations with AI-driven security analytics. 8.14 includes major features like the brand new Attack Discovery, significant enhancements to Elastic AI Assistant for Security, and the general availability of ES|QL — all of which provide the SOC with contextual, streamlined SecOps.

In today' s dynamic cloud landscape, the demand for a sophisticated, all-in-one security platform is paramount. Panoptica meets the challenge head-on, empowering security teams with actionable insights that enhance their security posture.

During a recent client investigation, Trustwave SpiderLabs found a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. Our client had been searching for the Advanced IP Scanner tool online and inadvertently downloaded the compromised installer from a typo-squatted domain that appeared in their search results. Figure 1. Search results for Advanced IP Scanner may direct users to a malicious domain.

For most organizations, the decision to adopt cloud technologies is a simple one. Cloud apps streamline operations and costs while enabling users to access resources from anywhere and on any device. But migrating to the cloud has also introduced some complexity, which comes with new risks. Instead of everything residing neatly within your corporate perimeter, your data now resides within countless apps and is being handled by users and endpoints that operate outside of your sphere of influence.

In an alarming revelation, First American Financial Corporation, the second-largest title insurance company in the United States, disclosed that a cyberattack in December resulted in a significant data breach affecting 44,000 people. This incident underscores the importance of robust cybersecurity measures and services such as phishing takedown, online risk evaluation, stolen credentials detection, and darknet monitoring.

Machine learning (ML) and AI tools raise concerns over mis- and disinformation. These technologies can ‘hallucinate’ or create text and images that seem convincing but may be completely detached from reality. This may cause people to unknowingly share misinformation about events that never occurred, fundamentally altering the landscape of online trust. Worse – these systems can be weaponised by cyber criminals and other bad actors to share disinformation, using deepfakes to deceive.

While often considered a newer threat, and rightly so given its fast-rising dominance among the cybercrime landscape, ransomware is not a recent innovation in the ongoing cyber war. It stretches back decades to the early days of the internet, email, and even floppy discs.

Remember Wireshark from the good old days of your IT degree or early engineering adventures? Well, guess what? It’s still kicking and just as relevant today as it was back then, and guess what else? It is still open source! Do your engineering or security teams use it? There’s a good chance they do if you’re on-premises. Believe it or not, Wireshark isn’t just for the land of wires and cables anymore. With some help from Falco and Kubernetes, it has a place in the cloud SOC.

As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.