In October 2022, a novel ransomware named Prestige was found targeting logistics and transportation sectors in Ukraine and Poland. According to Microsoft, victims affected by Prestige overlap with previous victims targeted by HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware within an hour between all victims, abusing highly privileged domain credentials to deploy the payload.

The first Elastic Global Threat Report was published earlier this week. In it, you will learn about trends observed by our threat researchers, our predictions for what’s coming next, and some of our recommendations to operate securely in the face of today’s and tomorrow’s threats. If you haven’t read it yet, go check it out. As a technical leader in Elastic Security, I'd like to reveal a small amount about what goes into reports like this one and why it’s significant.

Migrating to the Cloud brings many advantages for companies. First of all, they reduce their operating costs by almost 40%. They also increase their agility, reduce the maintenance time of traditional IT infrastructures, and gain flexibility and scalability. However, as the number of workloads deployed in the Cloud grows, more and more organizations are struggling to keep pace with security requirements.

The increasing use of cell phones has automatically led to unimaginable height of sharing of personal information online. Most routine actions, from providing information over the phone to opening a bank account to placing food orders, may now be accomplished from the convenience of your own home. While the telecom sector has enabled remote procedures, it has also hastened the spread of identity fraud and financial schemes.

Internal reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer account in your network. Using various tools or scripts, they enumerate and collect information that will help them identify what assets they should try to compromise next to get what they want. For example, BloodHound will map out attack paths that can enable an adversary to escalate their privileges from ordinary user to admin.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Normally the articles I share come as some surprise. This week I don’t think any one of them meets that criteria…. So let’s start with the first non-surprise then… With silly shopping season ahead of us it comes are utterly no surprise that eCom stores are under attack.