%term

Understanding the basics of Cloud Security: Cloud Privilege Escalation

Mar 31, 2023 By Michael Osakwe In Nightfall

Cloud privilege escalation is a growing concern for organizations as they embrace cloud-based infrastructure and services. To address the risks associated with privilege escalation, it's vital to implement robust security practices. In this post, we’ll cover privilege escalation as it relates to cloud security risk and the best practices for mitigation.

Read Post

Nightfall

Read more about Understanding the basics of Cloud Security: Cloud Privilege Escalation

How to Scale a Cybersecurity Program Across the Expanding Attack Surface

Mar 31, 2023 By Rachel Holmes In BitSight

New security vulnerabilities are emerging every day. The number of new disclosed cyber vulnerabilities jumped 25 percent in 2022, and the number of known exploited vulnerabilities—ones observed to be exploited by malicious actors in the wild—nearly doubled from 2021 to 2022. Remediating vulnerabilities rapidly and effectively reduces the likelihood of your organization becoming the victim of a cyber attack. Consider.

Read Post

BitSight

Read more about How to Scale a Cybersecurity Program Across the Expanding Attack Surface

What is SASE? #shorts

Mar 31, 2023 By Cato Networks In Cato Networks

Cato Networks provides the world’s first converged SD-WAN and network security cloud platform built for digital business transformation. Cato connects all data centers, branches, mobile users, and cloud resources into a secure, global network uniquely powered by the scalability, self-service, and agility of the cloud. Cato empowers you to connect, secure, and run the network yourself, and supports you with expert-managed services if you need them.

View Video

Cato Networks

Read more about What is SASE? #shorts

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

Mar 31, 2023 By Splunk Threat Research Team In Splunk

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

Read Post

Splunk

Read more about Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

What is SSE? #shorts

Mar 31, 2023 By Cato Networks In Cato Networks

Security Service Edge provides secure access to the internet- and cloud-based applications without directly addressing global application access optimization and east-west WAN traffic security. Extended visibility and control to all traffic is a key feature in competing SSE architectures.

View Video

Cato Networks

SSE
Security

Read more about What is SSE? #shorts

Visible Risks Assessments in the Financial Services Industry

Mar 31, 2023 By Nimish Doshi In Splunk

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.

Read Post

Splunk

Read more about Visible Risks Assessments in the Financial Services Industry

Spear Phishing: The Ultimate Guide To Seeing & Stopping Spear Phishing

Mar 31, 2023 By Joseph Nduhiu In Splunk

When it comes to cyberattacks, the human dimension of the cybersecurity environment is a complex vulnerability. Without awareness, any employee, contractor or user is the most unprotected asset. A person who can be easily exploited with a social engineering attack. Because of inherent human characteristics — ignorance, fear, misplaced trust — people are by nature very susceptible to being manipulated to let down their guard.

Read Post

Splunk

Read more about Spear Phishing: The Ultimate Guide To Seeing & Stopping Spear Phishing

Command and Control: Understanding & Defending Against C2 Attacks

Mar 31, 2023 By Laiba Siddiqui In Splunk

Attackers go through several stages to make an attack successful. And the last line in the defense system they aim to break is the command and control (C2). C2 attacks are a severe threat to organizations of all sizes and types because, if successful, adversaries can steal all your valuable data. To protect against these attacks, you should implement a security framework and robust policies, including technical and organizational measures.

Read Post

Splunk

Read more about Command and Control: Understanding & Defending Against C2 Attacks

How Torq Remediates the 3CX Supply Chain Attack

Mar 31, 2023 By Torq In Torq

By Dallas Young Sr. Technical Marketing Manager, Torq According to researchers, the 3CX Voice over Internet Protocol (VoIP) desktop program for Windows and MacOS, which boasts over 600,000 customers and 12m daily users, has been compromised by a DLL sideloading attack and used in several supply chain attacks. 3CX is a private branch exchange (PBX) system, a private telephone network used within a company or organization.

Read Post

Torq

Read more about How Torq Remediates the 3CX Supply Chain Attack

The New Face of Fraud: FTC Sheds Light on AI-Enhanced Family Emergency Scams

Mar 31, 2023 By Stu Sjouwerman In KnowBe4

The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI that imitates the voice of a "family member in distress". They started out with: "You get a call. There's a panicked voice on the line. It's your grandson. He says he's in deep trouble — he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You've heard about grandparent scams. But darn, it sounds just like him.

Read Post