Our inaugural 2022 threat roundup report started by observing that “the year 2022 was eventful for cybersecurity.” As you can imagine, 2023 was no less eventful. Some of the key events included ongoing conflicts and the appearance of new ones, the emergence of critical vulnerabilities being mass exploited and the ever-increasing threat of cybercrime.

Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed them to swap exploits without recompiling code. The loader’s icon and name masqueraded as the legitimate CherryTree note taking application to trick the victims.

In what appears to be a digital tsunami, Cybernews has reported a colossal data breach has surfaced, unveiling a staggering 26 billion records – a figure that's hard to even fathom. Termed as the Mother of all Breaches (MOAB), this leak is not just another incident in the cybersecurity world, it's a seismic event that dwarfs previous breaches in its sheer magnitude.

The past decade has seen governments around the world introduce significant new legislation covering data, cybersecurity, and technology. This has been part of a sustained effort to regain some influence over big tech and impose good governance practices on how businesses capture, protect, and manage data. This shift towards greater regulation has been largely led by the EU, which implemented the General Data Protection Regulation (GDPR) in 2018.

As global data privacy and cybersecurity regulations continue to increase, the pressure for organizations to manage compliance risk grows. The first step in your journey to better compliance risk management is compliance risk assessment. With risk management methodologies, a compliance risk assessment analyzes how an organization might not meet its regulatory compliance obligations.

Corporate compliance is not a new idea; for many years, organizations everywhere have had to comply with certain rules and standards to reduce risks and vulnerabilities. Those rules might be defined internally by the company’s compliance team or by an external party such as a regulatory agency — but either way, they are rules that the company must follow. An effective compliance function assures that the organization complies with both internal and external rules.

Industries that collect user data, such as finance, healthcare, and government, are high-profile targets for DNS attacks because the data is compelling for malicious actors. Incorporating a variety of security mitigations, including Domain Name System Security Extensions to prevent spoofing attacks, can help an organization prevent data breaches and protect its users and their data from misuse.

You can securely share passwords with friends and family by using a password manager. A password manager is a tool that aids users in creating, managing, securely storing and sharing their passwords. Some password managers also allow you to securely share additional sensitive data such as paperwork and credit card details Continue reading to learn the importance of sharing passwords securely and how a password manager can help.

In this blog post, Kevin Menezes, Sr. Manager, Customer Success, shares his best practices for getting started with Tines. Over the past decade, I've worked closely with security leaders at all types of organizations, from Fortune 10 companies to organizations with 10 employees, as they deploy new security products to help them optimize and streamline processes. And here's what I've learned - it’s unusual - but not impossible! - to onboard customers quickly.

The Columbus Regional Healthcare System (CRHS) spans ten counties in southeastern Indiana. The network includes over 2,400 employees, 200 physicians, and many volunteers. CRHS offers emergency and surgical solutions, primary and specialty care programs, and endless inpatient and outpatient service options. CRHS recently notified the Maine Attorney General’s Office of a breach within their systems; the event happened in May 2023—and has potentially compromised the data of 132,887 individuals.