Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs can be vulnerable to a wide variety of attacks, such as poor inventory management and access controls, making them a primary target for attackers. Server-side request forgery (SSRF) is one type of attack that has become more prominent with the rising use of public clouds. This is primarily due to new development practices like using Instance Metadata Services (IMDS) to access valuable information about deployed instances, such as credentials.

Too many consumers have awoken one morning to find messages from a retailer or their bank detailing purchases made through their account of which they were unaware. While the realization that they have been hacked will cause some well-deserved panic for the account holder, it usually only takes a few phone calls to cancel purchases, change a password, and cancel a credit card to put a stop to the problem.

Analysis of new ransomware group Volcano Demon provides a detailed look into how and why calling victims ups the chances of ransomware payment. Security researchers at Halcyon have uncovered a new ransomware threat group that initially follows traditional methods – harvesting admin credentials, data exfiltrated to a C2 server, logs cleared and data was encrypted using LukaLocker. However, Volcano Demon attacks take a different direction in the extortion phase.

Researchers at Malwarebytes warn that a malvertising campaign is targeting Mac users with phony Microsoft Teams ads. The ads are meant to trick users into installing Atomic Stealer, a commodity strain of malware designed to steal information from macOS systems.

A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers.

Australia aims to be the world leader in cyber security by 2030 using the Australian Cyber Security Strategy that was released on 22 November 2023. With the cost of cybercrime on Australian businesses growing by up to 14% per annum, the Cyber Security Strategy seeks to improve cyber security, manage cyber risks and better support citizens and Australian businesses to manage their cyber environment by using six cyber shields and actions to be taken.

In today’s complex IT environments, maintaining full network visibility is a daunting task. Network segmentation, while essential for security, often complicates the process of obtaining a comprehensive view of the entire network infrastructure. Federal IT departments charged with the responsibility of keeping networks mission-ready, face significant hurdles in visualizing connectivity, ensuring security zone segmentation, and performing complete path searches across segmented domains.

Watching the recent Snowflake customer attacks unfold felt a bit like rewatching a horror movie with predictable attack sequences and missed opportunities to run to safety. But this time, the ending was far more devasting. More than 100 organizations were exposed, and many are now grappling with the impacts of data theft and extortion in what some are calling one of the largest breaches in history.

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

Do we need a new cybersecurity framework? According to Gartner, the answer is yes. Since 2022, they have championed CTEM, a five-stage approach designed to shrink attack surfaces and minimize cyber threat exposure through continuous risk assessment and mitigation. At its core, CTEM advocates for regularly testing your defenses to find vulnerabilities in your system and fortify your organization’s security with risk mitigation strategies.