Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 31st, 2024, a Proof of Concept (PoC) exploit and technical analysis were published for a pre-authentication Remote Code Execution (RCE) exploit chain impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations.

On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat.

Earlier this year we stated that bot attacks can be run by anyone, from skilled individuals to organised gangs. Bots can hit websites for a number of reasons. Common attacks include credential cracking to account takeover, to scalping. These bots have the power and capability to conduct multiple attacks repeatedly. Those actions have long seen standard for bots though, so what is new in the world of bot attacks? What is making these attacks more sophisticated?

Maybe you’re considering AICPA SOC 2 certification? Aikido was recently examined to check that our system and the design of our security controls meet the AICPA’s SOC 2 requirements. Because we learned a lot about SOC 2 standards during our audit, we wanted to share some of the insights that we think might be helpful to someone starting the same process. Read our top tips on becoming ISO 27001:2022 compliant.

In the rapidly evolving landscape of technology, the fusion of Artificial Intelligence (AI) and cybersecurity is creating both exciting opportunities and formidable challenges. The recent breakfast briefing on the historic HMS Belfast served as a critical forum for industry leaders to explore these issues in depth.

While both locker and crypto ransomware are types of ransomware, there is one key difference between the two. The main difference between locker and crypto ransomware is that locker ransomware locks an entire device whereas crypto ransomware only encrypts files and data stored on the infected device. Keep reading to learn more about locker and crypto ransomware and how your organization can prevent these and other ransomware attacks.

SAP recently announced the end-of-life for SAP Identity Manager (IDM). This announcement required SAP to establish guidelines for existing customers to transition away from the platform with other products. One Identity is a leading vendor of choice for this migration due to its well-established market presence and robust SAP solutions support. In this two-part blog series, we will shed some light on how One Identity can seamlessly integrate with SAP products, starting with its certified ABAP connector.

In a recent webinar, NeoSystems and Deltek unveiled a strategy to help government contractors, compliance officers, and IT professionals achieve Cybersecurity Maturity Model Certification (CMMC) swiftly and with minimal risk. Here’s a synthesis of the critical points discussed, offering valuable guidance on how to navigate the complexities of CMMC.

Choosing the right software to defend your organization, both in real-time and in retrospect, is one of the most important decisions an organization can make. Security teams need to be able to view activity and affect access quickly, and that becomes more difficult at bigger, complex enterprises. A classical approach to this problem is role-based access control (RBAC), but for many organizations, multitenancy is a better fit.

The Red Team Chronicles is a hacker comic that this month is looking at the endeavors of Jason Haddix and how he and his team got access to a bank via a shred bin using some thrifty techniques.