White House urges US businesses: Protect against potential Russian cyberattacks

On Monday, the White House told US business leaders to toughen up their cybersecurity defenses against a potential cyberattack from Russia. "The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in...

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Summary The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, National Security Agency NSA, Australian Cyber Security Centre ACSC, Canadian Centre for Cyber Security CCCS, the Computer Emergency Response Team New Zealand CERT NZ, the New Zealand...

Magecart Skimmers Are Alive and Well – Constant Vigilance Is Required

Magecart skimmers are here to stay, and they’re becoming more sophisticated, more creative, and harder to detect. In this post, we reveal a new skimmer infrastructure that targets ecommerce sites all over the world with advanced methods of detection evasion and obfuscation...

Build a Modern Ransomware Protection Strategy

With ransomware heavily targeting critical industries in 2021, find out how you can establish a strong cybersecurity defense strategy against this evolving, costly threat...

The features all Incident Response Plans need to have

By Paul Lee, Yuri Kramarz and Martin Lee. Adversaries are always growing their capabilities and changing their tactics, leading to a greater number of incidents and data breaches. This is supported by organizations such as ITRC who reports that the number of data breaches in 2021 is already...

Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group also known as Hexane, which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new...

Staying current with HITRUST advisory changes

As a result of an ever-evolving threat landscape, compliance requirements are proliferating at an unprecedented rate. It can be overwhelming to keep up with the staggering number of new and updated regulations, compliance frameworks, and standards. HITRUST®, founded in 2007, recognized this...

The pitfalls of relying only on your ISP for DDoS protection

Relying on your Internet Service Provider ISP for DDoS protection is like going to a restaurant known for the freshest, tastiest seafood and ordering beef. Sure, they have it on the menu and they are happy to sell it to you, but the experience is not likely to compare well to what you’d have in a...

QakBot technical analysis

Main description QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans...

Micro Frontend Guide: Overview

How can you get the most out of your web applications? Explore why Micro Frontend is ideal for evolving organizations...

Elizabethan England has nothing on modern-day Russia

This post was authored by Warren Mercer and Vitor Ventura The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We believe this is... Thi...

Fraud Ring Launders Money Via Fake Charity Donations

A money-laundering fraud ring is targeting donation sites, taking advantage of the outpouring of charity sparked by the global pandemic. Dubbed Cart Crasher by the Sift security firm, the fraud ring leverages guest checkout options on donation sites to steal money and launder stolen payment cards...

How CISOs can stay ahead of ransomware attacks

With ransomware threats evolving in 2020, take a look at how you can stay ahead of the curve...

Intrinsic Security at VMworld 2020

VMworld 2020 kicked off today and for the first time ever, hundreds of security experts took the virtual stage to unveil how organizations can build a future read business with a truly unified security approach. Not able to attend all the sessions you wanted to today? Check out our highlights bel...

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

Web applications suffer continuously evolving attacks, where a web application firewall WAF is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...

Trickbot: A primer

By Chris Neal Executive Summary Trickbot remains one of the most sophisticated banking trojans in the landscape while constantly evolving.Highly modular, Trickbot can adapt to different environments with the help of its various modules.The group behind Trickbot has expanded their activities beyon...

Researchers Warn of Novel PXJ Ransomware Strain

Researchers have discovered a new strain of ransomware, dubbed “PXJ,” which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said. They first...

Russia Is Learning How to Bypass Facebook's Disinfo Defenses

Social media platforms have stepped up the fight against Russia's Internet Research Agency—but the IRA is evolving too...

The Most Dangerous People on the Internet This Decade

In the early aughts the internet was less dangerous than it was disruptive. That's changed...

ICS Attackers Set To Inflict More Damage With Evolving Tactics

Future attacks on industrial control system ICS networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remain...