Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How often do you scan QR codes without a second thought? What if that innocent decision could expose you to a growing threat in the digital landscape? QR codes—short for quick response codes—have soared in popularity, becoming essential in our digital era. Originally designed for industrial tracking, their ease of use has made them a go-to tool for information sharing.

Anybody who monitors logs of any kinds, knows that the extracting useful information from the gigabytes of data being collected remains one of the biggest challenges. One of the more important metrics to keep an eye on are all sorts of logons that occur in your network – especially if they originate on the Internet – such as VPN logins.

If a malware attack is successful, it can result in lost revenue, unexpected down time, stolen data, and more costly consequences. With over 450,000 new malicious programs registered each day by independent IT security institute AV-Test, malware may be the biggest threat to your organization. There are many different types of malware and attackers are continually innovating more complex, harder-to-detect versions. Now is the time to take proactive steps to protect your organization.

A correlation between ATT&CK Mitigations and CIS Controls, often termed as a ‘high-level’ mapping, show case the count of mapped ATT&CK (Sub-)Techniques within each ATT&CK Mitigation. Additionally, it provides the total number of ATT&CK (Sub-)Techniques associated with the respective ATT&CK Mitigation. Mitre attack mapping accurately and consistently maps adversary behaviors relevant to ATT&CK techniques as part of cyber threat intelligence (CTI).

Most WAF providers rely on reactive methods, responding to vulnerabilities after they have been discovered and exploited. However, we believe in proactively addressing potential risks, and using AI to achieve this. Today we are sharing a recent example of a critical vulnerability (CVE-2023-46805 and CVE-2024-21887) and how Cloudflare's Attack Score powered by AI, and Emergency Rules in the WAF have countered this threat.

Not every criminal illegally entering a business is looking to steal cash, equipment, or merchandise; some are looking to take something a bit more ephemeral. This scenario is particularly true for organizations, such as offices, insurance offices, or law firms not traditionally targeted by your everyday, run-of-the-mill burglar. The threat actors are out for information, giving them access to the organization’s network, which can lead to serious damage.

Security analysts continue to face an ever-evolving threat landscape, and their traditional approaches are proving to be quite limited. They continue to be overrun with security alerts, and their SIEMs often fail to properly correlate all relevant data, leaving them more exposed to cyber threats. These analysts require a more effective method to understand threats faster and reduce security risks in their environment.

Third-party risk is everywhere and the cybersecurity posture of those third parties is more important now than ever before. With organizations using 130 SaaS solutions on average, onboarding the “wrong” vendor — one that doesn’t share the same cyber practices or hygiene as you do, or that sharing sensitive data with would be cause for concern — could land an organization in hot water.