Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan. The criminal malware operation was disrupted by law enforcement in January 2024 but resurfaced in March with an expanded set of targets. The new version of the malware is targeting more than 1,500 banks in over sixty countries.

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles here, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.

RSA Conference, held annually in San Francisco in the spring, defines itself as an information security event that connects industry leaders and highly relevant information. 50,000 people attended in 2024, and of course, the Sumo Logic team was there to offer insights and to learn from others at the conference. During a LinkedIn Live from the show, Sumo Logic VP of Product Marketing Michael Cucchi talked about the show floor being noisy and repetitive.

AI is everywhere—but how can you be sure that your data isn’t being used to train the AI models that power your favorite SaaS apps like Slack? This topic reached a fever pitch on Hacker News last week, when a flurry of Slack users vented their frustrations about the messaging app’s obtuse privacy policy. The main issue?

Today, organizations are confronted with a multitude of cybersecurity risks, both from external and internal threats. The global cost of cybercrime is projected to exceed $10 trillion by 2025. In 2023, a staggering 72% of all organizations worldwide fell victim to ransomware attacks, which is just one type of threat. The reality is that cyber threats are pervasive, and the adversaries behind them are becoming increasingly sophisticated with each passing year.

Organizations’ zero-trust policies and identity-centric programs ensure that user identities and login credentials are vigorously protected with IAM policies and security tools like MFA or IP restrictions. However, the situation is very different regarding non-human identities (NHI) like API keys, OAuth apps, service accounts, and secrets. Lack of visibility, monitoring, and governance of this permissive access is everywhere, and attackers have figured it out.

In an era marked by an increasing volume and sophistication of cyber threats, the efficiency of your SOC operations has become more important than ever. SOCs are flooded by a daily barrage of attacks and alerts, with a significant portion being false positives, leading to alert fatigue and the potential for genuine threats to slip through the cracks.

In Kubernetes, managing and analyzing network traffic poses unique challenges due to the ephemeral nature of containers and the layered abstraction of Kubernetes structures like pods, deployments, and services. Traditional tools like Wireshark, although powerful, struggle to adapt to these complexities, often capturing excessive, irrelevant data – what we call “noise.”

User Account Control (UAC) serves as a security feature in Windows, aiming to safeguard the operating system from unauthorized modifications. Whenever alterations demand administrator-level permissions, UAC prompts the user, allowing them to either authorize or reject the requested change. User Account Control (UAC) provides several benefits, especially in maintaining security and minimizing risks associated with administrative privilege.

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of information and operational technology (OT) in this area.