Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

More than just introducing XDR today, Cato announced the first XDR solution to be built on a SASE platform. Tapping the power of the platform dramatically improves XDR’s quality of insight and the ease of incident response, leading to faster incident remediation. “The Cato platform gives us peace of mind,” says Shayne Green, an early adopter of Cato XDR and Head of security operations at CloudFactory.

Application Programming Interfaces (APIs) are the backbone of modern software development, enabling seamless communication between various systems and services. As organizations increasingly rely on APIs to power their applications and services, the need for robust API management and monitoring solutions becomes paramount. Capturing API calls and gaining insights into their behavior can significantly enhance the development, troubleshooting, and security of APIs.

Safeguarding data in today’s cyber landscape is no small feat. And with data growing at an explosive rate, more than 65 percent of IT and security leaders surveyed believe their organization’s current data growth is outpacing their ability to secure this data and manage risk, as found in the latest Rubrik Zero Labs State of Data Security report.

Multi-Factor Authentication (MFA) has become a cybersecurity necessity for protecting online accounts. It ensures that only authorized users can access an account. However, when picking an MFA method, some options are more secure than others. An authenticator app is safer than SMS authentication because it generates 2FA codes locally, which prevents cybercriminals from intercepting the codes as they can with SMS.

On January 19, Microsoft issued an advisory disclosing a cybersecurity incident targeting their M365 tenants and attributing the attack to Midnight Blizzard, a state-sponsored actor also known as Nobelium and APT29. Following this, on January 24, the Microsoft team expanded on the initial announcement with a comprehensive blog post providing more insights about the attack and outlining specific tactics, techniques and procedures leveraged by the threat actor.

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings. They offer healthcare in 25 states with multiple facilities and specialized teams. At the end of last year (2023), Azura discovered a threat actor within their network environment; officials removed the threat, but not before the criminals obtained 348k patient records.

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.

As the popularity of SaaS apps continues to grow, security analysts expect the misuse of such apps as the host for malware downloads to continue to rise through 2024. I’ve provided plenty of examples on this blog of threat actors using cloud-based SaaS applications to host impersonated websites and malicious downloads. The credibility of such sites aids the cybercriminal, as traffic to and from reputable sites have a tendency to get past security solutions.

Researchers at Volexity warn that the suspected Iranian threat actor CharmingCypress (also known as “Charming Kitten” or “APT42”) has been launching spear phishing attacks against Middle Eastern policy experts. “Throughout 2023, Volexity observed a wide range of spear-phishing activity conducted by CharmingCypress,” the researchers write.

In an ideal world, patching every vulnerability before attackers discover them would be a breeze. The reality of the evolving cloud-native landscape, with its ever-changing mix of cloud, DevOps, mobile, and critical infrastructure, paints a different picture. New risks emerge constantly, leaving traditional vulnerability management approaches struggling to keep up. Meanwhile, Security and DevOps teams face ongoing pressure to protect their organizations from vulnerabilities.