Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In a notable development in the cybersecurity landscape, the emerging threat group known as Hunters International has added a novel remote access Trojan (RAT) to its arsenal. This group, which has quickly ascended the ranks of ransomware operators, is using the RAT, dubbed SharpRhino, to target IT professionals. Disguised as a legitimate network administration tool, SharpRhino facilitates initial access and persistence on targeted networks, setting the stage for ransomware attacks.

In a recent cybersecurity incident, a hacker breached Mobile Guardian, a widely used digital classroom management platform, and remotely wiped data from at least 13,000 student devices. Mobile Guardian, a partner of 'Google for Education,' offers comprehensive device management, secure web filtering, classroom management, and communication solutions for K-12 schools worldwide.

The months leading up to audits can be some of the most stressful for security and privacy teams. Some audits can take up to 9 months to prepare for and another 3 months to complete, with security and privacy teams spearheading the evidence collection. Collecting evidence used to be a walk in the park, but that was before multi-cloud environments, new standards, and emerging regional privacy requirements.

Bring Your Own Device, better known as BYOD, is when employees can use their personal devices on a company’s network to complete their work tasks. Companies sometimes prefer their employees to use their own devices because they save money on providing technology and resources. Despite this financial benefit, companies should recognize the security risks BYOD can bring to their employees and organizations.

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker. I first saw this kind of attack earlier this month – where the user is asked to launch the Run dialog box and paste in a malicious command. I never thought I'd see something similar again, but I was wrong.

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes. “Building on the insights from the 2023 End of Year Threat Report, an analysis of malicious emails detected by Darktrace / EMAIL in 2024 underscores the implication that email threats are increasingly capable of circumventing conventional email security tools,” the report says.