New infosec products of the week: November 25, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Solvo, Sonrai Security, and Spring Labs. Sonrai Risk Insights Engine empowers …
5 cybersecurity predictions for 2023
The cyber game is now an entire underground economy wrapped around cyberattacks. Thanks to increased international friction and the activity of groups such as Lapsus$, …
The emergence of zero trust consumers
A survey report from Daon shows 92% of consumers believe that cybersecurity threats will continue to outpace cybersecurity technology, with 91% willing to take extra security …
A flaw in ConnectWise Control spurred the company to make life harder for scammers
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, …
Fake subscription invoices lead to corporate data theft and extortion
A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. …
Here’s how to make sure your incident response strategy is ready for holiday hackers
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us …
Threat actors extend attack techniques to new enterprise apps and services
Perception Point announced the publication of a report, “The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels“, which evaluates the responses of …
Cyber risk focus areas for portfolio companies
IT management is a top concern, with many portfolio companies struggling with IT hygiene, potentially leaving them susceptible to costly breaches, according to a report from …
90% of organizations have Microsoft 365 security gaps
A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organizations had gaps in essential security protections. …
Google seeks to make Cobalt Strike useless to attackers
Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by …
5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and …
The pros and cons of using open-source Kubernetes security software
Open source tools are a key part of the Kubernetes security environment, with most companies using open source Kubernetes security software, research by ARMO has revealed. In …