Windows Installers (.msi files) are a known vector of malware distribution. Although not quite common, they have been used by threat actors to distribute malware of all sorts. During July 2024, the Cyberint Research Team noticed somewhat of an uptick in the usage of malicious.msi files. Among the various samples we noticed a specific variant of malicious installer being actively used in the wild, disguised as legitimate applications or update installers and targeting Korean and Chinese speakers.

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. On average, a cyber attack can last anywhere from a few days to several weeks, with the recovery time often extending to months or even years.

NIST has long been an important acronym in the world of cybersecurity, where organizations have for years used the NIST Cybersecurity Framework to help guide their security investments. But the practices and controls associated with NIST have evolved recently, due to the release of NIST 2.0. If you’re stuck in the era of NIST 1.x, it’s time to adapt.

Elizabeth Harz, CEO of Veriato, sits down with Chris Hughes from Acceleration Economy for an exclusive interview to discuss the evolving landscape of insider risk management.

In today's rapidly evolving cybersecurity landscape and complex compliance mandates, traditional Security Operations Centres (SOCs) are being transformed by the integration of artificial intelligence (AI) and machine learning (ML). At Splunk, we are no strangers to these technologies.

Developers and cybersecurity have an interesting relationship. Developers have no problem with security operations just as long as they’re not involved or adding security doesn’t slow down their development cycle. Thankfully, well-documented security operations — known as DevSecOps — assist with the software development lifecycle (SDLC) and perform mostly invisibly from the developer’s perspective.

As modern cyberattacks increasingly target cloud environments, it is imperative organizations have the technology they need to detect and stop them. The attack surface of cloud-native applications and infrastructure is quickly expanding. Cloud-native application protection platforms (CNAPPs) address the growing need for modern cloud security monitoring, security posture management, breach prevention and control tools to fully protect cloud environments.

On July 19, 2024, a flawed update in CrowdStrike Falcon's channel file 291 led to a logic error that caused Windows systems to crash, resulting in widespread BSOD (Blue Screen of Death) incidents. The impact was severe, disrupting critical infrastructure globally, from grounded flights to halted public transit systems. In fact, you’d have to have been living under a rock to have missed this incident.

Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems. There are several methods of authentication, including knowledge-based factors (something you know, like a password), possession-based factors (something you have, like a security token), and inherence-based factors (something you are, like a fingerprint).