How Well Do You Know Your Attack Surface? Five Tips to Reduce the Risk of Exposure

In an increasingly connected digital landscape, the security of your organization’s data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report, more than 20% of all interactive intrusions are associated with the exploitation of public-facing applications. As an organization’s attack surface expands and cyberthreats proliferate, it is imperative IT and security teams take a proactive approach to safeguarding their digital footprint.

Cyber Attack on Merck | Cyber Insurance

This case concerns a cyber attack on the pharmaceutical company, Merck, which, while not part of the national infrastructure, plays a crucial role in the healthcare ecosystem. The argument arises about whether they should be considered as critical as hospitals, as they supply medications and treatments, essentially acting as wizards in the healthcare industry.

CVE-2023-38545: High Severity cURL Vulnerability Detection

On October 11 a new version of curl (8.4.0) was released, where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced in the project’s discussion. At the time of this blog, there have been several proof of concepts released for CVE-2023-38545 which result in crashes, but not exploitation.

Patient Privacy: Preventing Data Leakage in Healthcare

The healthcare industry has rapidly embraced digital technologies to enhance patient care, streamline operations, and improve communication. However, this digital transformation brings with it a significant challenge: protecting patient data. One often overlooked risk comes from tracking pixels, which can lead to (accidental) data leakage and privacy breaches.

Business Email Compromise Attempts Skyrocket in the Last Year

Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft’s latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.

PAM and Cloud Security: The Case for Zero Standing Privileges

The cloud has introduced entirely new environments, roles and circumstances that require us to reimagine the definition of privileged access management (PAM) and how to apply those principles to secure identities. PAM was built on the notion that identities must be secured, not just managed, to protect an organization’s most valuable assets. The well-recognized values of PAM remain highly desirable – least privilege, role-based access control and auditability of high-risk sessions.

"Human-Operated" Ransomware Attacks Double in the Last Year

As attackers leave little-to-no traces of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks. According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates. This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization.

Integrate GitGuardian With Your Azure Repos

Are you building your applications on Azure? Good news, it is now easier than ever to integrate GitGuardian with Azure repos. Azure is one of the most popular cloud platforms out there. Now, GitGuardian users can integrate their Azure Repos in two different ways: at the organization level or the instance level.

The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team

In response to improved email security measures, cybercriminals have pivoted to more advanced attack methods, namely artificial intelligence (AI), that bypass existing protections. But security defenders are also using AI in remarkable new ways to fortify their networks. Join Erich Kron, Security Awareness Advocate for KnowBe4, and Michael Sampson, Principal Analyst at Osterman Research, as they dig into the findings of our latest joint report on The Role of AI in Email Security. They’ll share tips on how your SOC team can identify and use AI to supercharge your anti-phishing defense.