Almost a year ago to the day, on December 1 2022, Forescout Vedere Labs published a report detailing several hacktivist operations that targeted critical infrastructure in response to the Russian invasion of Ukraine and other geopolitical developments. Since the most recent chapter in the Hamas-Israel conflict started on October 7, there have been multiple similar claims of attacks from hacktivists taking opposing sides in the conflict.

New data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations. There’s plenty of fodder in tech news about the use of IABs and their role in cyber attacks. But rarely do we get to see a more comprehensive analysis of just how much growth in both the number of brokers and posts of credentials for sale.

Another day, another warning about holiday scams! Lookout Inc., a data-centric cloud security company, is warning employees and businesses that phishing attacks are expected to more than double this week, based on historical data. With more corporate data residing in the cloud and a massive amount of employees still working remotely, mobile has become the endpoint of choice for the modern workforce.

The latest report from UK Finance paints a mixed picture of financial fraud in the United Kingdom, with losses exceeding £500 million in the first half of the year. However, amidst these concerning figures, there is a glimmer of hope as cyber fraud rates have shown a slight 2% decrease from the previous year.

Cybercriminals and threat actors use multiple vectors to infiltrate your IT network. They employ a series of coordinated steps as they… Impactful cyberattacks today are no longer executed as a simple virus with self-mutation capabilities, especially when many organizations rely on AI-enabled threat detection capabilities. They’re a lot more sophisticated.

One in two sites on AppTrana WAAP have faced a DDoS attack in the last 90 days. Most of those attacks were thwarted using a combination of machine learning on user behaviour and granular rate limits at URI, IP, and Geo levels. For SOC teams who don’t have an advanced behavioural DDoS mitigation tool like AppTrana at their disposal, this blog covers basic mitigation measures that can thwart the most simple and medium-severity DDoS attacks.

Clark County School District in Nevada, the fifth-largest school district in the United States, recently experienced a massive data breach. Threat actors gained access to the school district’s email servers, which exposed the sensitive data of over 200,000 students. The district is now facing a class-action lawsuit from parents, alleging it failed to protect sensitive personal information and take steps to prevent the cybersecurity attack.

Today’s adversaries increasingly use compromised credentials to breach target environments, move laterally and cause damage. When attackers are logging in — not breaking in — legacy endpoint security offers little help in detecting and stopping breaches. Exacerbating the problem is an expanding attack surface, largely due to the growth of remote work and evolving supply chains.