Cybersecurity

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report. In 2023, attackers gained initial access through exploiting vulnerabilities in 38% of intrusions, a 6% increase from the previous year. Mandiant also found phishing’s prevalence declined from 22% […]

Cybersecurity

How Attackers Can Own a Business Without Touching the Endpoint

Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let’s discuss why these attacks are becoming more […]

Cybersecurity

How exposure management elevates cyber resilience – Help Net Security

Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate. Instead of asking, “Are we exposed?” organizations should ask, “How exposed are we?” To understand this question, businesses must implement […]

Cybersecurity

Targeted Phishing Linked to ‘The Com’ Surges

A persistent social engineering threat faced by enterprises involves attackers trying to obtain login credentials for identity and access management (IAM), cloud resources or single sign-on (SSO)-enabled systems. If successful, these entry points can allow broader access to an organization, leaving the potential for data theft and ransomware. We’ve observed a significant surge in 2024 […]

Cybersecurity

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes within a Kubernetes cluster. Akamai security researcher Tomer Peled discovered the flaw, which is tracked as CVE-2023-5528 and has a CVSS score of 7.2. […]

Cybersecurity

QR Code ‘Quishing’ Attacks on Execs Surge, Evading Email Security

Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership. Making matters worse, phishing emails using QR codes (aka “quishing”) can often get by spam filters, with attacks targeting users of Microsoft 365 and […]