Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data is everywhere, sprawling across cloud, on-premises, and hybrid environments. As security practitioners, we need fast access to this data to analyze it, draw insights, and uncover potential threats. However, the sheer volume of data and complexity of threats makes it difficult to maintain visibility, detect stealthy attacks, and respond quickly to security incidents.

A silent danger is sweeping through the world’s critical infrastructure. The SecurityScorecard STRIKE Team has uncovered a resurgence of Volt Typhoon—a state-sponsored cyber-espionage group from the Asia-Pacific region, known for its precision and persistence. This is no ordinary attack. Volt Typhoon exploits unprotected, outdated edge devices within targeted critical infrastructure.

Data breaches and network security threats are becoming a major problem for companies. The goal is not only to detect attacks but to stop them from happening in the first place. Fidelis Network DLP gives businesses a strong and integrated system to protect sensitive data. By preventing data leaks across all network traffic, Fidelis Network DLP helps businesses protect themselves from both external cyber-attacks and insider threats.

The Kroll Security Operations Center (SOC) has recently detected and remediated a trend of incidents that involved socially engineering a victim into pasting a PowerShell script into the “Run” command window to begin a compromise. These incidents have typically begun with the victim user attempting to find “YouTube to mp3” converters, or similar, then being redirected to the malicious webpages.

According to security researcher nol_tech CVE-2024–50340 is a critical vulnerability (CVSS: 7.3) affecting Symfony applications when the PHP directive register_argc_argv is enabled. By appending ?+--env=dev to a URL, attackers can force the application into the dev environment, granting remote access to the Symfony profiler. This exposure can lead to the leaking of sensitive information and potentially executing arbitrary code.

In what feels like 10 minutes, cybersecurity AI and machine learning (ML) have gone from a concept pioneered by a handful of companies, including SenseOn, to a technology that is seemingly everywhere. In a recent SenseOn survey, over 80% of IT teams told us they think that tools that use AI would be the most impactful investment their security operations centre (SOC) could make.

In the digital era, websites are increasingly vulnerable to a variety of automated threats. These threats, executed by malicious bots, can lead to significant financial losses, data breaches, and compromised user experiences. To safeguard against these risks, it is imperative for websites to implement robust bot protection.

Cyber threats are relentless, sophisticated, and growing. To stay ahead, you can no longer treat threat intelligence as an optional tool—it’s the backbone of a proactive, defense-ready strategy. Threat intelligence feeds bring crucial insights to security teams, from high-level trends to detailed indicators of compromise (IoCs). But no single feed can capture every potential threat. Threat landscapes evolve rapidly and adversaries employ diverse techniques and targets.

On October 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE) by an unauthenticated attacker.

As we discussed in the first article in this series, there are many Internet-exposed control systems, but they are very different from traditional IT systems and require a different security approach. With these systems being so critical and controlling processes that can potentially lead to loss of life if they fail, what is being done to tackle this issue? In this article I’ll dive into this and more, looking at.