USAA Auto Insurance is one of the leading insurance companies in the country today and is known for offering reliable coverage to many people in the country. The organization was founded in 1922 with a group of Army officers and has since expanded dramatically. The organization serves millions of individuals and has detailed information for so many customers that it's a real risk that the company recently went through a data breach.

Summer is here, and things are heating up in the cybersecurity sphere. June saw a third-party vulnerability spiral into the furthest-reaching cyber attack of the year thus far, while separate attacks cut into summer plans for gamers, vacationers, and commuters alike.

It has been another significant week for data breaches in the United States. TSMC, the largest semiconductor company in the world, was hit by an attack that will impact major companies like Apple and others, and so were a huge number of insurance companies. Jackson NAtional, Talcott Resolution, and USAA were all victims of data breaches. So was UCLA, the massive public university.

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

Since the Domain Name System (DNS) protocol is foundational for internet functionality, DNS traffic is allowed to move through firewalls without much scrutiny unlike HTTPS, FTP and SMTP. Malicious actors have successfully been able to exploit this advantage to transfer data between networks, which is beyond the original intention of DNS protocol.

On July 6th, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released an advisory highlighting the newly identifying Truebot malware variants. Truebot (also known as Silence Downloader) is a botnet that has been used by the CL0P ransomware gang to collect and exfiltrate stolen target victim information.

SOC 2 (Service Organization Control 2) provides a framework for assessing and reporting on the security, availability, processing integrity, confidentiality, and privacy of systems and data of service organizations. It was developed by the American Institute of Certified Public Accountants (AICPA) to address the need for consistent and comprehensive security and privacy controls in service organizations.

StackRot, identified as CVE-2023-3269 is a 7.8 HIGH use-after-free vulnerability in the Linux kernel versions 6.1 to 6.4 that can lead to privilege escalation. The vulnerability, which was disclosed by Ruihan Li who also released detailed information about it, is caused by a change in the VMA (Virtual Memory Address) tree structure from using red-black trees to maple trees.

Cloud testing tools are a set of software and hardware components that allow developers, testers, and IT professionals to test applications in the cloud. These tools give companies access to an array of cloud resources they can use for testing purposes. The cloud can provide a more cost-effective, agile, and scalable platform for testing applications compared to traditional on-premise systems.

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.