Breaking Down Ransomware-as-a-Service

Ransomware-as-a-service is a business model where ransomware operators and third parties, called “affiliates,” work together to launch ransomware attacks. RaaS was first identified in 2012 with the Reveton ransomware strain, and in the subsequent decade it has exploded into a sophisticated and ever-evolving cybercrime tactic.

What is Azure RBAC? Roles, Benefits, Best Practices and Implementations

Azure RBAC is a mature system for fine-grained access management of Azure resources. It enables you to grant users, groups, service principals, and managed identities access to Azure resources at a specified scope. A scope can be a subscription, a resource group, or even a single resource. RBAC helps ensure that only approved users can control or manipulate particular resources, and thereby shields Azure settings.

What are Software and Data Integrity Failures? How to Prevent?

Software security is not a set-it-and-forget-it process; regular monitoring is important. The Open Web Application Security Project (OWASP) is a non-profit foundation that provides a wealth of information about web application security, including a list of the Top 10 Web Application Security Risks.

What's Coming in Exposure Management and Remediation in 2025

In December 2024, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners published a guide for “protecting communications infrastructure” in response to the discovery that a stealthy Chinese government threat actor, Salt Typhoon, had infiltrated a number of US telecommunications firms.

New: Add a location to any 1Password item and access what you need, exactly where you need it

Passwords, PINs, and codes aren’t just part of your online world. From hotel safes and Wi-Fi passwords to gym lockers and alarm codes, you often need access to data that’s tied to a specific location in the real world (and in the case of alarm codes, you need it in a hurry). Wouldn’t it make life so much easier if you had a simple, quick way to find those items exactly when and where you need them? Well, now you can, thanks to a new capability in the 1Password app.

Social Engineering Fraud: 7 Ways to Protect Your Customers

Most people know not to click on obvious spam emails, but today’s scams are polished, highly personalized, and AI-powered. Whether it’s a fake banking alert, a deepfake customer service call, or a cloned e-commerce website, social engineering fraud often spreads fast. When customers see familiar branding, hear a confident voice, or receive a message that appears to come from a trusted source, it’s easy to comply and get duped.

Beyond the Endpoint: Why EDR/XDR Struggles in the Cloud

The cybersecurity landscape has dramatically shifted with the rise of cloud computing. While Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) have proven valuable in protecting traditional endpoints, the cloud introduces a new set of challenges. This post examines why these solutions, rooted in endpoint-centric approaches, may fall short in the cloud, highlighting the need for a new generation of cloud protection strategies designed for SaaS, IaaS, and PaaS environments.

Unveiling EncryptHub: Analysis of a multi-stage malware campaign

EncryptHub, a rising cybercriminal entity, has recently caught the attention of multiple threat intelligence teams, including our own (Outpost24’s KrakenLabs). While other reports have begun to shed light on this actor’s operations, our investigation goes a step further, uncovering previously unseen aspects of their infrastructure, tooling, and behavioral patterns.