Setting controls at the organizational level This is a continuation of my series on Automating Cybersecurity Metrics. As a reminder I’ve recently been considering how to protect domain names migrated to a single AWS account in an organization that is dedicated for that purpose. I’ve considered the pros and cons of using various IAM functions […]
Cyber News, Cyber Threat Trends
A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. “The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu,” Ermetic researcher Liv Matan said in a report shared with The Hacker News. […]
Cyber News, Cyber Threat TrendsThe Chainalysis report found that victim organizations are increasingly reluctant to pay ransom demands
Cyber News, Cyber Threat TrendsA group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a […]
Cyber News, Cyber Threat Trends
Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the […]
Cyber News, Cyber Threat TrendsA group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a […]
Cyber News, Cyber Threat TrendsIn the first two blogs in this series, we discussed properly setting up IAM and avoiding direct internet access to AWS resources. In this blog, we’ll tackle encrypting AWS in transit and at rest. Sometimes, despite all efforts to the contrary, data can be compromised. This can occur due to data leakage through faulty apps or systems, […]
Cyber News, Cyber Threat TrendsFTX founder already charged with fraud and money laundering
Cyber News, Cyber Threat TrendsFTX founder already charged with fraud and money laundering
Cyber News, Cyber Threat Trends