Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Despite advancements in security, web applications are still a problem. Attackers target web applications because they’re exposed, complex, and not as well protected as they should be. According to Verizon1, web applications are the most prevalent attack vector, with exploitations of vulnerabilities increasing by 180% in 2024.

Amazon Web Services (AWS) provides two native options that can be used to back up AWS EC2 instances – AWS EBS Snapshots and Amazon Machine Images (AMIs). This blog post explains the differences between these two approaches to backup and explains when each method is optimal. NAKIVO for AWS EC2 Backup Backup of Amazon EC2 instances to EC2, AWS S3 and onsite. Anti-ransomware options. Fast recovery of instances and application objects. DISCOVER SOLUTION.

Bumblebee is a downloader malware which has become known for its sophistication and effectiveness. The malware was first discovered in 2022 and was believed to be a tool for ransomware groups due to the developer’s close ties with Conti. Since then, it has been used in various attacks and has been delivered through multiple methods, including phishing emails, malicious documents, and SEO poisoning.

Amazon Simple Email Service (Amazon SES) is a cloud-based provider for sending transactional, marketing, and newsletter emails. Because of its role as a source of communication for organizations, Amazon SES has become a primary tool for phishing campaigns. Our latest threat roundup includes a key finding that Amazon SES is a common target in the initial stages of a cloud control plane attack.

Arctic Wolf has recently observed the distribution of a trojanized RVTools installer via a malicious typosquatted domain. The domain matches the legitimate domain, however, the Top Level Domain (TLD) is changed from.com to.org. RVTools is a widely used VMware utility for inventory and configuration reporting, developed by Robware. Once the malicious installer was downloaded, the installer attempts to make outbound connections to known command and control infrastructure.

Fintech CTOs aren’t short on tools; they’re short on the right ones. Between fast-moving DevOps pipelines, open banking integrations, and cloud-native architectures, security often lags behind innovation, not due to negligence, but because traditional tooling fails to keep up. Modern fintech threats like API abuse, IAM misconfigurations, and privilege escalations don’t wait for quarterly audits. They exploit real-time gaps between development and security operations.

For many cybersecurity teams, Nessus is the scanner they started with; a reliable, battle-tested tool that’s been part of the security stack for over two decades. Backed by Tenable’s extensive vulnerability database, Nessus is known for its accuracy in identifying known CVEs and misconfigurations across networks and systems. But while environments have evolved from on-prem to multi-cloud, from VMs to containers, Nessus has primarily stayed the same.