'

Visibility, alarm fatigue top remediation concerns in cloud security

Visibility, alarm fatigue top remediation concerns in cloud security

Striking a balance between sufficient visibility into cloud computing environments and the potential for an overdose of false positives and duplicate alerts is the key challenge facing cloud security professionals, according to the State of Security Remediation report from the Cloud Security Alliance (CSA). The report, released today, detailed a raft of important issues facing … Read more

Attack campaign targeting Azure environments compromised hundreds of accounts

Attack campaign targeting Azure environments compromised hundreds of accounts

Security researchers warn that an ongoing cloud account takeover campaign has impacted dozens of Microsoft Azure environments owned by organizations from around the world. The attackers have compromised hundreds of accounts since late November 2023 including managers and senior executives. “The varied selection of targeted roles indicates a practical strategy by threat actors, aiming to … Read more

Surge in “hunter-killer” malware poses significant challenge to security teams

Surge in “hunter-killer” malware poses significant challenge to security teams

Threat actors have stepped up their efforts over the last year to launch attacks aimed at disabling enterprise defenses, according to the annual Red Report released Tuesday by Picus Security. The findings demonstrate a drastic shift in adversaries’ ability to identify and neutralize advanced enterprise defenses, such as next-generation firewalls, antivirus software, and EDR solutions, … Read more

U.S. Internet Leaked Years of Internal, Customer Emails

U.S. Internet Leaked Years of Internal, Customer Emails

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of … Read more

Cyber gaps in the supply chain — Bank of America breached in another vendor cyberattack

Cyber gaps in the supply chain — Bank of America breached in another vendor cyberattack

Third-party cyber-attacks remain one of the most significant threats facing organisations across the globe. Most recently, Bank of America, a multinational investment banking and financial services corporation, began notifying customers that a November 2023 hack against one of its service vendors resulted in the exposure of personally identifiable information (PII).  The breach occurred following a … Read more

APT Exploits Microsoft Zero-Day in Malware Attacks

APT Exploits Microsoft Zero-Day in Malware Attacks

An APT group has been exploiting a Microsoft zero-day vulnerability in attacks in order to bypass Microsoft Defender SmartScreen and infect financial market trader companies with the DarkMe malware. Researchers with Trend Micro’s Zero Day Initiative said that the known APT group, called Water Hydra, was leveraging the flaw (CVE-2024-21412) in order to bypass Defender … Read more

Categories duo

The Channel can help SMEs protect themselves from increasing security threats

The Channel can help SMEs protect themselves from increasing security threats

Recent reports indicate that SME resellers specialising in security are optimistic about the future, expecting a better year ahead than the challenges they faced in the previous 12 months.  With increasing cyber threats and the need for secure and reliable solutions, these resellers are poised to provide valuable services to businesses seeking to safeguard their … Read more

Software security debt piles up for organizations even as critical flaws drop

Software security debt piles up for organizations even as critical flaws drop

While the prevalence of high-severity security flaws in applications has dropped significantly in the last few years, a large number of organizations still have critical security debt, according to a research by Veracode. The research is based on data collected from Veracode’s recent static application security testing (SAST), dynamic application security testing (DAST), and software … Read more

Nation-state threat actors using LLMs to boost cyber operations

Nation-state threat actors using LLMs to boost cyber operations

Nation-state groups Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon are using large language models (LLMs) to improve and expand their criminal activities, according to findings from Microsoft Threat Intelligence Cyber Signals 2024, done in collaboration with Open AI. The study did not identify significant attacks employing the LLMs that Microsoft and … Read more

Hackers paralyze battery maker Varta in cyberattack

Hackers paralyze battery maker Varta in cyberattack

The Varta Group was the target of a cyberattack on parts of its IT systems on the night of Feb. 12, the battery manufacturer has announced. Five production plants and the company’s administration were affected. “The IT systems and thus also production were proactively shut down temporarily for security reasons and disconnected from the internet,” … Read more

Will generative AI kill KYC authentication?

Will generative AI kill KYC authentication?

For decades, the financial sector and other industries have relied on an authentication mechanism dubbed “know your customer” (KYC), a process that confirms a person’s identity when opening account and then periodically confirming that identity overtime. KYC typically involves a potential customer providing a variety of documents to prove that they are who they claim … Read more