Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

UK Phishing Report: Attacks Are on the Rise

The data about the rise of phishing attacks against businesses in the United Kingdom is in, and it’s bleak: UK phishing reports indicate that 79 percent of organizations in the UK were targeted by phishing attacks in the past year. Meanwhile, phishing is the initial attack vector in 36 percent of all data breaches globally, according to Verizon’s 2023 Data Breach Investigations Report. And 80,000 new phishing sites appear every month, according to Cyberint research.

Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar

In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.

Container Security with Calico: Detect and Respond to Container Attacks with Network Anomaly Detection

Considering the vast attack surface and flat network architecture, Kubernetes workloads are particularly susceptible to network-based threats. While following best practices like workload access controls, workload-centric IDS/IPS, and WAF can help prevent and block attacks, anomaly detection has become crucial in today’s IT landscape to proactively anticipate security threats.

DDoS attacks have increased by 40% over the last six months

Distributed denial-of-service (DDoS) attacks have been around for a long time. However, the sophistication and scale of these threats has grown in recent years. Cybercriminals are employing amplification techniques that exploit vulnerabilities in misconfigured services or network protocols to increase the traffic they can generate and maximize the impact of their attacks.

New Claims of Attacks Against Israeli SCADA Systems

Since Hamas’s attack on Israel last month, SecurityScorecard’s SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has paid close attention to hacktivist activity provoked by the conflict, with particular focus on the international scope.

Dark Pink APT Attacks

A recent wave of advanced persistent threat (APT) attacks is spreading throughout the Asia-Pacific (APAC) region, and these have been attributed to a newly identified group known as Dark Pink (also referred to as the Saaiwc Group). While evidence suggests that Dark Pink commenced its operations as early as mid-2021, the group’s activities escalated notably in the latter part of 2022.

Top four Kubernetes Attack Chains and how to break them

While Kubernetes adoption continues to soar, it has become a prime target for cyberattacks. Unfortunately, Kubernetes clusters are complex and can be difficult to secure. Safeguarding your Kubernetes environment requires a solid understanding of the common attack chains that pose a threat to your infrastructure. In this blog post, we dig into the top attack chains that target Kubernetes, shedding light on the risks and offering valuable insights to bolster your defenses.

Pwning Electroencephalogram (EEG) Medical Devices by Default

Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code Execution During internal network testing, a document was discovered titled the “XL Security Site Administrator Reference.pdf.” It appeared to be a guide for the specific configuration of the SQL service running on NeuroWorks Natus. Being that this was a guide, it was extensive and detailed the software in-depth.

Spear Phishing Becomes Most Common Attack Technique in Q3 2023

Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest. “In Q2 2023, spear phishing-related techniques represented the three most observed methods of attack,” the researchers write. “This remained true in Q3 2023, accounting for a total of almost 65% of all true-positive incidents.