Researchers at the Lookout Threat Lab have discovered a new Android surveillance tool which we attribute with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Named BouldSpy for the “BoulderApplication” class which configures the tool’s command and control (C2), we have been tracking the spyware since March 2020.

The cloud is king. 94% of organizations rely on the public cloud in some capacity, and 84% have a “multi-cloud” strategy. The rise of hybrid and remote work, the proliferation of software-as-a-service (SaaS) and Internet of Things (IoT) devices, and the general digitization of once analog industries has turned the cloud into a “must-have,” especially with its pricing, space, and ability to be accessed from anywhere. But with new technologies comes new threats.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Oooo, that could be unfortunate for some users….

Vulnerability scanning and penetration testing should be an essential part of your cybersecurity strategy. This blog discusses the above methods in the context of securing your web applications, including the benefits, drawbacks, and compliance implications. Table of contents: What is a vulnerability scan? What is a penetration test? What are the drawbacks of the traditional pen test model? Should I only to pen tests, vulnerability scans, or both?

Point32Health is a health company based in Canton, Massachusetts. This company oversees a variety of different health plans and is responsible for maintaining health care for some key universities. For example, the company manages Tufts Health Plan, Harvard Pilgrim Health, and Integra Partners, to name a few. The business employs more than 1,100 people and generates over $9.4 billion in revenue annually.

Read also: The iSpoof scam website founder pleads guilty, Google is suing the distributors of CryptoBot malware, and more.

Using groups is a best practice for Active Directory management. This article describes the two types of Active Directory groups — security groups and distribution groups — and offers guidance for using them effectively.

New data shows how poorly organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches. We’d like to think our security stance includes some really great abilities to detect, investigate, detect, and remediate an attack.

Most cybersecurity professionals know that cyber breaches increase each year. So it’s no surprise that the cybersecurity insurance business also keeps growing briskly. According to data from Markets and Markets and Polaris Market Research, the cyber insurance market swelled to $11.9 billion worldwide in 2022, up from $10.1 billion the previous year, and is projected to grow to more than $29 billion by 2027.