Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Before you prove your humanity to a pop up, make sure you’re not accidentally downloading malware.

Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, according to a ReliaQuest study spanning November 2023 to October 2024. Analyzing data from its GreyMatter platform and dark web activity, ReliaQuest found that utilities like water and energy systems are disproportionately affected. Their critical role in infrastructure makes them prime targets for cybercriminals.

Stealer logs and the infostealers that harvest them form a key part of the threat landscape and cybercriminal ecosystem. Infostealers, which are also referred to as stealer malware, are deployed by threat actors to facilitate data theft from compromised devices. This data typically contains sensitive and valuable personal information including credentials, hardware or software information, IP addresses, browser cookies, and more.

Ransomware continues to be one of the most pervasive and costly cyber threats facing organizations worldwide. More than 40% of organizations surveyed by ESG research experienced a successful ransomware attack in the previous 12 months, and 32% were successfully attacked more than once. The consequences of failing to protect against ransomware can be devastating for any business. Beyond financial loss, victims can suffer operational downtime, reputational damage and potential regulatory fines.

Despite a ransomware payment controversy, some companies still decide to yield to the attacker’s requests. Doing so may seem like the easiest way out, but it comes with its own set of complications, both ethical and legal.

DLL side-loading is a popular technique used by threat actors to execute malicious payloads under the umbrella of a benign, usually legitimate, executable. This allows the threat actor to exploit whitelists in security products that exclude trusted executables from detection. Among others, this technique has been leveraged by APT41 to deploy DUSTTRAP and Daggerfly to deliver Nightdoor backdoor.

We're thrilled to share some big news; Rubrik Security Cloud - Government has officially achieved FedRAMP Moderate authorization! What does this mean for your agency and the citizens you serve? Well, it's a significant milestone that reinforces our commitment to protect your data and deliver cyber resilience in accordance with top-tier federal cybersecurity standards.

In December 2024, Arctic Wolf Labs observed a mass exploitation campaign involving Cleo Managed File Transfer (MFT) products for initial access. The execution chain involved an obfuscated PowerShell stager, a Java loader, and ultimately a Java-based backdoor, which we will refer to as Cleopatra. In this article we will provide insight into the execution chain in this campaign, obfuscated malicious payloads deployed, and surrounding threat intelligence context around these activities.

Did you know that 59% of organizations have been hit by ransomware, with Active Directory (AD) often being the primary target for attackers seeking credential theft and privilege escalation? With AD being basically the heart of enterprise IT from the permissions management and granting view, these ransomware threats automatically go against it and hence protecting them is pretty much important so to keep the organization safe.