Blog | Tripwire

What is Malware as a Service (MaaS)?

Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners. This service opens doors to anyone with minimal computer skills to use and distribute pre-made malware. The data that is stolen is often sold to the highest bidder or left...

Tripwire Patch Priority Index for February 2023

Tripwire's February 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for Microsoft Defender for Endpoint that resolves a security feature bypass vulnerability. Next are patches for Microsoft Edge that resolve 15 vulnerabilities, including remote code execution, spoofing, and tampering vulnerabilities. Up...

Trezor crypto wallets under attack in SMS phishing campaign

Willie Sutton, the criminal who became legendary for stealing from banks during a forty-year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, there's a better target for robbers today than banks, which are typically well-defended against theft... Cryptocurrency wallets. Trezor, the manufacturers of one of the world's leading...

10 Database Security Best Practices You Should Know

Around 39 billion records were compromised between January and December of last year, according to Flashpoint’s 2022 A Year in Review report. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from network security practices. The former involves physical steps, software solutions...

Social Engineering: Definition & 6 Attack Types

We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making headlines. So too are “social engineers,” individuals who use phone calls and other media to exploit human psychology and trick people into handing over...

Key tips for helping secure your digital life

The key to protecting your digital life

Even those who consider themselves well educated about security threats - and do everything they have been taught to do - can still end up as a victim. The truth is that with enough time, resources, and skill, anything and anyone can be successfully attacked. This is why it is important to make it as time-consuming and impractical as possible for a motivated...

Deepfakes: What they are and tips to spot them

Deepfakes are forged images, audio, and videos that are created using Artificial Intelligence (AI) and Machine Learning technologies. According to the World Economic Forum (WEF), deepfake videos are increasing at an annual rate of 900%, and recent technological advances have made it easier to produce them. VMware states that two out of three defenders report that deepfakes were used as a part of...

Operational Security: 8 best practices to create a comprehensive OPSEC program

Security threat actors are becoming smarter, and their attacks more devious. Staying ahead of cybercriminals and vulnerabilities is the only way to defeat the attackers at their own game. If you want to protect your organization from cyber threats, then you need to think like an attacker. Operational security, also known as OPSEC, is a discipline that considers the perspective of potential threat...

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

They’re far from old news: despite the hype about “increasingly sophisticated, automated attacks,” these 10 tried-and-true website security attacks are still top of the list for career malicious hackers. No one likes to work harder than they have to, and black hats are no different. Why rappel from the ceiling when you could just try the front door? While these common exploits aren’t as simple as...

9 Ways Cyber Attackers are Looking to Exploit Government Agencies in 2023

Governments play a key role in the continued operation of society. While getting a speeding ticket or paying taxes may not be anyone’s favorite thing to do, they contribute to the government’s ability to protect its citizens while maintaining its infrastructure and services. Cybersecurity is critical for all organizations and government agencies, as they may hold sensitive information on both...

Fake ChatGPT apps spread Windows and Android malware

OpenAI's ChatGPT chatbot has been a phenomenon, taking the internet by storm. Whether it is composing poetry, writing essays for college students, or finding bugs in computer code, it has impressed millions of people and proven itself to be the most accessible form of artificial intelligence ever seen. Yes, there are plenty of fears about how the technology could be used and abused, questions to...

HardBit ransomware tells corporate victims to share their cyber insurance details

A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met. As security researchers at Varonis describe, a new strain of the HardBit ransomware has taken the unusual step of asking targeted companies to spill the beans on whether they have cyber insurance (and the terms of that insurance) anonymously. According to a part...

Public or Private Cloud: Choices to Consider

Organizations are progressively moving towards a predominantly cloud-based computing environment. What this means is that essentially all of their back-end infrastructure, systems, and client-facing applications can be accessed and distributed through the cloud. Modern cloud computing goes a step further than simply being present in a virtual environment. Companies now have more flexibility and...

What Is Kubernetes Observability and Why It's Critical for Securing Your Clusters

What Is Kubernetes Observability? Kubernetes observability refers to the ability to monitor and diagnose the performance and behavior of a Kubernetes cluster and its applications. This includes monitoring resource usage, tracking the status of pods and deployments, and identifying and troubleshooting errors. Observability tools for Kubernetes typically include metrics, logging, and tracing...

Phishing attacks: The phisherman, the phish, the bait and the hook

There’s a good chance that you have heard the word phishing, or have even been a victim in the past, without understanding what it really means and how to protect yourself from being a victim. According to CNBC, there were 225 million phishing attacks in 2022, a 61% increase over the number of reported cases in 2021. Sadly, as the number of cases increases, it is also...

Cybersecurity Threats in Europe: What You Need to Know and What to Do About Them

As governments and organizations standardize and harmonize their responses to better mitigate the increasing number of cyber-attacks, so do cybercriminals. In Europe, security decision-makers and businesses face similar attack techniques as their global counterparts. While the methodologies employed are identical because they all rely on the same digital technologies exploiting similar...

How do mail filters work?

Mail filters play a huge role in protecting organizations from cyberattacks. Even though their task is quite small, they are very important for an organization’s ability to deter many malicious phishing and spam emails before delivery to a person’s inbox. According to the IBM X-Force Threat Intelligence Index, 40% of attacks in the manufacturing industry are phishing attacks, and 1 in 3 employees...

Why Application Dependencies Are Critical for Cloud Security

Application dependencies occur when technology components, applications, and servers depend on each other to provide a business solution or service. Developers have a specific technology stack in mind when building solutions. This can typically include operating systems, database engines, and development frameworks (such as .Net or Java), as well as other infrastructure. There are various types of...

Cybercriminal convicted of $90 million SEC earning reports hack

The owner of a Russian penetration-testing company has been found guilty of being part of an elaborate scheme that netted $90 million after stealing SEC earning reports. For nearly three years, 42-year-old Vladislav Klyushin - the owner of Moscow-based cybersecurity firm M-13 - and his co-conspirators had hacked into two US-based filing agents used by publicly-traded American companies to file...

Four of the Oldest Tricks in Scammers’ Books

As the world grows increasingly digital and dependent on the internet, cyberthreats are constantly evolving to clash with newer and more rigid security features. Despite cybercriminals’ propensity for finding new and innovative ways to take advantage of their targets, however, there are also tactics that have been in use since the early days of the internet. These tried-and-true methods continue...