Fortra’s Q2 2024 report has unveiled a series of concerning trends in the digital threat landscape, analyzing hundreds of thousands of attacks on enterprises, their employees, and brands across domains, social media, counterfeit websites, and the dark web. The findings provide valuable insights for security leaders to better understand the evolving tactics of threat actors and implement proactive measures to mitigate risk. Rise in Domain Impersonation Attacks The report highlights a rise in domain impersonation attacks, with brands facing an average of 73 look-alike domain attacks per month, peaking in May 2024 at over 80 attacks per brand. Despite fluctuations,…
ISB Staff Reporter
Identity management, particularly privileged identity management, forms the backbone of an effective cybersecurity strategy. The ManageEngine Identity Security Survey 2024 sheds light on the current state of identity management, gathering insights from security decision-makers worldwide. The Importance of Identity Management The survey reflects the critical importance of identity management in a world where cyber threats are increasingly prevalent. A staggering 77% of CISOs reported experiencing an identity-related cyberattack in 2023. Jane Frankland, a cybersecurity influencer and author, notes: “The 2024 Identity Security Report by ManageEngine underscores the ever-growing importance of identity management in an increasingly digital world, revealing that while…
The Trend Micro Threat Hunting Team has identified an alarming new trend in cyber attacks: malefactors are adopting EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) systems. Originally developed as a tool for security professionals, EDRSilencer has been repurposed by malicious actors to block EDR communications, helping them slip through the security nets, A Red Team Tool Turned Dangerous The tool works by disrupting the transmission of telemetry and alerts from EDR systems to their management consoles, thus hindering the identification and removal of malware. Leveraging the Windows Filtering Platform (WFP), the tool dynamically…
Several interesting trends are emerging in the cybersecurity landscape, particularly the emergence of artificial intelligence (AI)-driven malware, as well as the ongoing dominance of ransomware threats. Threat actors have started using GenAI as part of their attack infrastructure, which illustrates the ongoing evolution of cyber-attack tactics. AI-driven malware aside, ransomware continues to dominate, with RansomHub maintaining its top spot among ransomware groups. Check Point’s VP of Research, Maya Horowitz, says: “The rise of generative AI in cybercrime is a clear signal that organizations must invest in proactive security strategies to stay ahead of these evolving threats.” It’s also clear that malefactors…
Cybercriminals are increasingly exploiting OpenAI’s model, ChatGPT, to carry out a range of malicious activities, including malware development, misinformation campaigns, and spear-phishing. A new report revealed that since the beginning of 2024, OpenAI has disrupted over 20 deceptive operations worldwide, spotlighting a troubling trend of AI misuse that includes creating and debugging malware, producing content for fake social media personas, and generating persuasive phishing messages. OpenAI says its mission is to ensure that its tools benefit humanity universally, and it is focusing on detecting, preventing, and disrupting attempts to misuse its models for harmful purposes. In this election year, the…
Developers are spending significantly more time, and companies are spending 28K per developer each year on security-related tasks, such as manual application scan reviews, context switching, and secrets detection, among other things. This was revealed by JFrog, the Liquid Software company and developers of the JFrog Software Supply Chain Platform. The company released the results of an IDC survey called: “The Hidden Cost of DevSecOps: A Developer’s Time Assessment,” sponsored by JFrog. It showed that 50% of senior developers, team leaders, product owners and development managers experienced a significant increase in the number of hours spent weekly on software security-related tasks, detracting from their ability to innovate, build,…
In the dynamic world of software development, security challenges are advancing at a rapid pace. Black Duck’s 2024 “Global State of DevSecOps” report examines the evolving trends and concerns in application security, drawing insights from a survey of over 1,000 professionals across diverse industries and countries. Key DevSecOps Security Priorities The report identifies three primary security priorities for organizations: A Heightened Focus on Sensitive Data Protection As security threats grow in complexity, protecting sensitive data remains a primary concern for entities handling critical information. The report highlights that 43% of applications in software development, 46% in finance, and 38% in…
VIPRE Security Group, a cybersecurity, privacy, and data protection company, has debuted a combined VIPRE Endpoint EDR+MDR package. This managed protection package provides organisations of all sizes with cost-effective, advanced, and around-the-clock endpoint security. For managed service providers (MSPs), this solution provides a genuine opportunity for portfolio expansion to offer Managed Detection & Response (MDR) services to customers. With this solution, entities receive top-tier Endpoint Detection & Response (EDR) capabilities such as threat detection, DNS protection, ransomware rollback, patch, and vulnerability management – alongside a fully managed threat incident response led by an experienced forensics team. This includes 24x7x365 coverage…
Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated technology that can be abused by malefactors. The Akamai team revealed that over 198,000 devices connected to the internet are vulnerable to this type of attack, with around 34% of these, or roughly 58,000 devices, susceptible to DDoS abuse. Exploit Details and Impact The exploit,…
CloudSEK, a provider of AI-driven cybersecurity solutions, has debuted Deep Fake Detection Technology, which is now available for free. The company says this initiative is part of its commitment to providing society with resources to combat cybercrime. Advanced Deep Fake Detection Technology CloudSEK has developed an advanced DeepFake Detector designed to identify and mitigate the risks of deep fake content. The technology calculates an overall Fakeness Score by integrating several sophisticated analyzers: Promoting Cybersecurity Awareness By offering this technology for free, CloudSEK aims to enhance the cyber resilience of the digital world and help people and companies protect themselves against the growing…