Trustwave SpiderLabs “noted” in Part 1 and Part 2 of our OneNote research that OneNote has been used as a malware delivery mechanism now we will shift gears and focus on several OneNote decoy notes SpiderLabs has discovered that deliver malware families like Qakbot, XWorm, Icedid, and AsyncRAT. While the malware payload can change, the techniques have generally been the same.

We recently issued the Cato Networks SASE Threat Research Report, which highlights cyber threats and trends based on more than 1.3 trillion flows that passed through the Cato SASE Cloud network during the second half of 2022. The report highlights the most popular vulnerabilities that threat actors attempted to exploit, and the growing use of consumer applications that may present a risk to the enterprise.

With so many threat intelligence solutions on the market today, it raises the question: What is threat intelligence and why do you need it? I won’t go into detail about what threat intelligence is; you can read about that here. Instead, I want to focus on the threat intelligence maturity journey — specifically, how advanced your organization is with respect to threat intelligence adoption and which CrowdStrike solution may be right for you.

Establishing a thriving security culture across your organization will rely heavily on your developer teams. Therefore, engaging with developers early and often while you build your security program is vital. In this playbook for Chief Information Security Officers (CISOs), we explore how to build a security culture across your organization by considering the following three things.

It’s important to keep your software up to date because updates enhance existing features, patch security flaws, add new security features, fix bug issues and improve performance for devices. Continue reading to learn more about software updates and how you can check if your software is up to date.

ARMO Platform has added the CIS EKS benchmark. Now, with Amazon Elastic Kubernetes Service (EKS) users can add this specific benchmark to the frameworks already available to them.

In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.

The ongoing geo-political crisis in Eastern Europe continues to be the scenario of deployment of a variety of payloads linked to information stealing and data/network destruction. The deployment of these payloads has been associated or contingent with Military actions as Microsoft and ESET have observed in some of their publications. These campaigns have targeted critical infrastructure affecting civilian populations in addition to military targets.