Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


What security lessons can you learn from your attack surface score?

Increasing digitalization and connectivity mean the attack surfaces of most organizations are growing. This means more IT assets to track and manage, plus more potential attack routes for threat actors to target. The threat level keeps rising, especially in the area of vulnerabilities: last year over 30,000 new vulnerabilities were published. So how can you get an accurate view of your attack surface and where it might be open to exploitation?

SafeBreach Coverage for US CERT AA24-249A (GRU Unit 29155)

On September 5th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) issued an urgent advisory warning security teams about efforts undertaken by threat actors affiliated with Russia’s General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).

Are Cyber Attacks Increasing?

Yes, cyber attacks, including phishing, malware and ransomware attacks, continue to increase in 2024. According to Keeper Security’s recent study, 92% of IT leaders say cyber attacks are occurring more frequently today than in 2023. Continue reading to learn which types of cyber attacks have increased in 2024, emerging cyber threats and how to protect your organization from cyber attacks.

What To Do if You Give Your Card Details to a Scammer

Did you fall for a scam and accidentally give your card details to a scammer? To protect yourself and your finances, you should lock your card, contact your card issuer and freeze your credit report. Continue reading to learn what you should do if you’ve fallen for a scam and how you can avoid scams in the future.

Your Return on Investment: Veracode Dynamic Analysis

Demonstrating Return on Investment (ROI)—showing how your security investments translate into tangible business value—helps assess their impact. Veracode Dynamic Analysis enables you to deliver secure software that aligns with business goals such as reducing risk, cutting costs, and saving time. To see the potential business value of Veracode Dynamic Analysis for your organization, check out our ROI calculator.

Datadog delivers smarter vulnerability remediation

Security teams today normally perform ongoing vulnerability remediation as a key part of their efforts to secure applications. This process entails applying updates to remove known flaws, typically published as Common Vulnerabilities and Exposures (CVEs), that are discovered in third-party libraries within application code. While “applying updates” might sound like a straightforward task, in practice, eliminating vulnerabilities has become increasingly challenging in the current environment.

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of disclosure, active exploitation was not known and no proof-of-concept exploit was publicly available. As of September 6, 2024, however, the security advisory has been updated with additional details, indicating that the vulnerability is potentially being actively exploited.

Critical Vulnerabilities Patched in Veeam Products

On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five of these vulnerabilities, which are classified as critical. Arctic Wolf has not observed any exploitation of these vulnerabilities in the wild and has not identified any publicly available proof of concept (PoC) exploit code.

Understanding the Schools and Libraries Cybersecurity Pilot Program

Schools and libraries often lack the funding and staffing needed to build and maintain a robust cybersecurity program. They are also the exact kind of organizations threat actors prefer: under-defended and a storehouse of personally identifiable information (PII). Considering that, in 2024, education was the second-most represented industry in ransomware attacks, and third-most in business email compromise (BEC) attacks, it’s clear that protection is paramount.