Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Turning Novel Threats into Detections Easily with SnapAttack

Our CTO, Fred Frey, met with Teddy Powers from Google Cloud Security at the Google Massachusetts Ave Office to discuss the topic: "Turning Novel Threats into Detections Easily with SnapAttack." Discover how SnapAttack can integrate with Mandiant's threat intelligence, security validation, and Google Chronicle to enhance detection and create actionable workflows for your organization.

Placing Threat Groups Under a Microscope: Lapsus$

This report is the first in a series of blogs that will delve into the deep research the SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository to help SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive security tasks.

Governing access to the Microsoft Dynamics estate

ERP and CRM systems are key parts of an organization’s business infrastructure and digital transformation initiatives. One Identity frequently works with customers who use systems from vendors such as SAP, Salesforce and Oracle, and we are seeing more organizations using Microsoft Dynamics products. This is probably due to two factors: a heightened awareness of the importance of Identity Governance to the Dynamics community, and the growth in the adoption of Dynamics products.

Friday Flows Episode 30: Normalize Alerts with Tines AI and create Cases AI

FRIDAY FLOWS Episode #30 - Normalizing Alerts using Tines AI & Creating Cases. In today's episode, Michael Tolan takes us through a workflow where we're leveraging the new Tines AI Action to normalize multiple alerts and create cases in our native Case management. As always, our free Community edition is in the comments and we'd love to hear what you thought of today's episode in the comments.

ICS Malware 'FrostyGoop/BUSTLEBERM': Insights Others Missed

In the last few weeks, there have been a few announcements made about a new malware threat known as FrostyGoop or BUSTLEBERM (as it was originally tracked by Mandiant). It is being recognized as the first custom malware to integrate Modbus for the purpose of causing physical damage. An associated incident has been reported where the malware was used to disrupt heating in Ukrainian homes in the context of a Russian cyberattack.

Best Practices for Implementing Cloud Migration Security

As modern businesses increasingly rely on cloud services, securely migrating data to the cloud has become crucial. Effective cloud migration allows organizations to leverage external expertise and resources while maintaining data integrity and compliance. This guide provides a comprehensive understanding of secure cloud migration, best practices, essential security measures, and successful real-world examples to help businesses benefit from these practices without compromising data security.

NCIIPC Explained: Safeguarding India's Critical Infrastructure

Safeguarding critical infrastructure is crucial for national security and economic stability in the digital age. The National Critical Information Infrastructure Protection Centre (NCIIPC) plays a key role in protecting India's vital assets and critical infrastructure. Tasked with the monumental duty of protecting the nation's most vital assets—such as power grids and financial systems—the NCIIPC stands as a stronghold against the constantly evolving landscape of cyber threats.

Phishing Attacks Continue to Leverage URL Shorteners to Obfuscate Malicious Links

Analysis of current phishing attacks by security researchers has uncovered an increase in the use of trusted shortlink services. To be successful, phishing scammers need to establish legitimacy as much and as early as possible. Brand impersonation within an email has long been one method, but to establish legitimacy to security solutions, scammers have had to do more than just have a look-alike domain.