Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with the native control plane data from your cloud service provider.

Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You

LevelBlue Labs has identified a new evolution in the toolset of threat actors. Threat actors are hijacking legitimate anti-virus software to carry out malicious activities undetected. A new tool, named SbaProxy, has been found masquerading as legitimate anti-virus components to establish proxy connections through a command and control (C&C) server.

A brief introduction to Industrial Control Systems and Security

You may not know it, but much of your daily life depends on Industrial Control Systems (ICSs). From the power you're using right now to the water you drink, it all depends on Programmable Logic Controllers (PLCs) and other ICS tech to be delivered. In fact, nearly any time something in the physical world needs to be automated, there will be an ICS involved.

Unraveling the State of Kubernetes Security in 2024

We explored the Red Hat State of Kubernetes security report 2024, one of our favorite yearly reports. It’s jam-packed with incredibly fascinating information about one of our favorite subjects—Kubernetes security. Imagine that! In this post we’ll review some of the more interesting data points and contrast them with results from prior years. We’ll also discuss our own perspectives and observations on how this affects you as a Kubernetes user.

Wiz and Netskope: Making IaaS Zero Trust Magic

Netskope and Wiz help organizations simplify and automate policy management across complex cloud environments. This partnership highlights a seamless integration in which Wiz shares security risk and threat insights, enabling Netskope to modify existing policies or craft new ones automatically. Below, we present two of the primary use cases that customers leverage with our joint integration.

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator. If someone typed “Google Authenticator” into Google, the malicious ad would be at the top of the search results. The ad copied the website description from the real Google Authenticator, but would redirect users to a phishing site. “We can follow what happens when you click on the ad by monitoring web traffic,” the researchers explain.

Salt Security Continues to Innovate as Leader in API Security

The API security landscape is changing rapidly, and cybercriminals are becoming increasingly sophisticated. According to the Salt Labs State of API Security Report 2024, API security incidents have more than doubled in the past 12 months, while API usage is rapidly increasing. Organizations are finding it challenging to keep up with the threats associated with expanding API ecosystems and fully understand their complex behavioral attributes.

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports. The CSA’s report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated attacks.