The Shared Responsibility Model for Security in The Cloud (IaaS, PaaS & SaaS)

Cloud security incidents are skyrocketing. In fact, nearly half (45%) of all security incidents target cloud-based services. Another angle: 80% of business organizations experienced at least one cloud security breach incident last year. (Arguably the worst part here is that, when a system is breached, the average dwell time is 9 weeks.) Still, over 72% of businesses plan to continue investing in the cloud. So how do you make cloud computing a secure environment for sensitive business information?

Why Log Analytics is Key to Unlocking the Value of XDR for Enterprises

Cyber threats are becoming more sophisticated, and enterprise security teams are under constant pressure to improve and enhance their threat detection and response capabilities. But as security teams expand their security logging tools and capabilities, the burden of monitoring those tools and investigating alerts grows exponentially.

Coffee Talk with SURGe: 2023-APR-04 3CX Supply Chain Compromise, Medical Device SBOMs, ChatGPT

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk discusses the latest security news. Audra and Mick also competed in a 60-second charity challenge on whether or not they see artificial intelligence reaching singularity, with proceeds benefiting DataEthics4All. The trio wrapped up with a deep dive into the RESTRICT Act and the proposed TikTok ban in the United States.

Rogue AI is Your New Insider Threat

When ChatGPT debuted in November 2022, it ushered in new points of view and sentiments around AI adoption. Workers from nearly every industry started to reimagine how they could accomplish daily tasks and execute their work — and the cybersecurity industry was no exception. Like shadow IT, new rogue AI tools — meaning AI tools that employees are adopting unbeknownst to the organization they work for — can pose security risks to your organization.

The State of Security 2023: Collaboration Is Essential For Building Resilience

Security is, and always has been, a tough job. Security teams continue to face escalating cyberattacks while being bombarded by false positives and clocking more hours due to staffing shortages. However, security leaders and practitioners alike also understand that these crises are inevitable — and are increasingly focusing their efforts on recovering as quickly and efficiently as possible when disaster strikes.

Using Workflow Actions & OSINT for Threat Hunting in Splunk

Picture yourself, a threat hunter using Splunk, and the words "workflow action" are uttered by your helpful security Splunker... Workflow actions make you a faster and more effective security analyst. They allow you to skip the laborious steps of logging into various websites to do your job and just get straight to business.

Detecting the 3CX Supply Chain Attack with Graylog and Sigma Rules

According to reporting by several cybersecurity publications, the 3CX Desktop Application has been exploited in a supply chain attack. The 3CX client is a popular VoIP and messaging application used by over 600,000 companies. From the article on BleepingComputer: "This supply chain attack, dubbed 'SmoothOperator' by SentinelOne, starts when the MSI installer is downloaded from 3CX's website or an update is pushed to an already installed desktop application."

Command and Control: Understanding & Defending Against C2 Attacks

Attackers go through several stages to make an attack successful, and the last line of defense they aim to break through is command and control (C2). C2 attacks are a severe threat to organizations of all sizes and types because, if successful, adversaries can steal all of your valuable data. To protect against these attacks, you should implement a security framework and robust policies, including both technical and organizational measures.

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers using a legitimate, signed binary, 3CXDesktopApp (see the CISA advisory). As investigation results and public information came out from vendors across the spectrum, 3CX customers of all sizes began investigating their fleets for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

Visible Risks Assessments in the Financial Services Industry

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.