Podcasts about threat report

  • 85 podcasts
  • 153 episodes
  • 31m average duration
  • 1 episode every other week
  • May 7, 2025 (latest)

Popularity (chart, 2017 to 2024)


Best podcasts about threat report

Latest podcast episodes about threat report

Reimagining Cyber
Inside the 2025 Cybersecurity Threat Report - Ep 148

Reimagining Cyber

May 7, 2025 · 20:37


In this episode, Senior Security Analyst Tyler Moffitt unpacks the 2025 OpenText Cybersecurity Threat Report. He dives into alarming shifts like a 28% spike in malware infections, the relentless resilience of ransomware group LockBit, and the surge of AI-enhanced phishing campaigns. Tyler breaks down why old-school malware tactics still dominate, how affiliate-driven ransomware-as-a-service is thriving, and why European businesses are increasingly in the crosshairs. Plus, he explores what's actually working—simple, disciplined defenses—and why “eating your cybersecurity vegetables” may be the most powerful strategy of all. Don't miss Tyler's predictions on AI's evolving role in both attack and defense for the year ahead. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com. As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Telecom Reseller
“It's Not the Flashy Vulnerabilities—It's the Ones You Miss”: SonicWall's Douglas McKee on Prioritizing Cybersecurity at RSA, Podcast

Telecom Reseller

May 2, 2025


SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. "Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.

Hírstart Robot Podcast
Ran out of data after Easter? Now you can fix it with one tap

Hírstart Robot Podcast

Apr 22, 2025 · 4:24


Ran out of data after Easter? Now you can fix it with one tap - Digital Hungary, 2025-04-22 11:03:00 - Mobile tech, Weekend, Innovation, Easter, Yettel. After the holiday weekend and long family gatherings, many people find that their data allowance is not always unlimited. Whether it is Easter video calls, films watched together online or route planning, a friend or family member can easily be left without internet, at the worst possible moment. Yettel's latest innovation

OpenAI would hit back at Musk with its own social network - ICT Global, 2025-04-22 05:03:24 - Infotech, Artificial intelligence, Elon Musk, Instagram, OpenAI. OpenAI is considering building its own social network, mainly to compete with Elon Musk's X and Meta's Instagram, CNBC learned from a source familiar with the plans.

Alzheimer's risk factors may already be linked to cognitive function at age 24 - Telex, 2025-04-22 13:28:47 - Science, Alzheimer's disease. They may affect thinking far earlier than previously thought, which also shows the importance of early prevention.

The function of a mysterious human organ has come to light - 24.hu, 2025-04-22 14:20:31 - Science. The rete ovarii, discovered in 1870, was until now believed to be vestigial and useless.

Spring is here and the ticks are coming; suspicious bloodsuckers can now be reported through an app - Helló Sajtó!, 2025-04-22 10:45:08 - Science, Spring, Lyme disease, Ticks. The Kullancsfigyelő (tick watch) programme of the HUN-REN Centre for Ecological Research has been running for years. From now on, alongside the Kullancsfigyelő site, the PragmaTick mobile app also helps monitor non-native Hyalomma ticks. We show how the app works.

Ransomware remains the biggest threat - mmonline.hu, 2025-04-22 07:53:48 - Mobile tech, Cybersecurity, SMEs, Cyberattack. Sophos has released its 2025 Annual Threat Report, which highlights the biggest threats that hit small and medium-sized businesses in 2024. Based on Sophos Incident Response (IR) and Sophos Managed Detection and Response (MDR) cases, attackers most often came in through network edge devices such as firewalls, routers and VPNs

YouTube's home page started appearing empty, without videos, on many people's computers and phones - PC Fórum, 2025-04-22 08:00:00 - Infotech, Easter, Google, YouTube, Browser. Over Easter, some YouTube users got an unpleasant and confusing surprise when they launched the well-known video-sharing app or opened its website in their browser. The home page of Google's service appeared with no videos at all, or with practically zero connection to the interests the user had previously shown

Chimpanzees in Guinea-Bissau regularly hold boozy feasts - Qubit, 2025-04-22 11:01:57 - Science, Alcohol, Guinea. The primates, which otherwise rarely share food, treat each other when the ethanol-fermenting breadfruit ripens.

Cybersecurity firm buys accounts on hacker forums to spy on criminals - NKI, 2025-04-22 06:51:05 - Infotech, Switzerland, Cybersecurity, Hacker, Cyberattack, Espionage. Under a new programme, the Swiss cybersecurity company Prodaft is buying verified and older hacker-forum accounts to gather information about cybercriminals.

Vanished riverbeds of bygone ages found in the Sárköz region - Index, 2025-04-22 14:57:00 - Science. The short film Sárköz – Terra Benedicta – A Dunamentének áldott földje (The blessed land of the Danube region) premieres on Earth Day.

This is how artificial intelligence imagines Jesus Christ - ATV, 2025-04-22 01:33:00 - World, Italy, Artificial intelligence. Based on the Shroud of Turin, artificial intelligence produced a photorealistic image and then an animation of what Jesus Christ might have looked like.

Superintelligence could run loose, says Google's ex-chief; the world has only 3-5 years left to prepare - Médiapiac, 2025-04-22 08:00:00 - Infotech, Artificial intelligence, Google. Eric Schmidt, Google's former CEO, recently made a worrying prediction about the future of artificial intelligence (AI).

It's already real: humanity's first lunar-orbit space station is being built at NASA - vg.hu, 2025-04-22 07:01:00 - World, Space, NASA, Space station. Halo is the first module of Gateway, which will be the astronauts' home in orbit around the Moon. Find our other episodes at podcast.hirstart.hu.

CiberAfterWork: ciberseguridad en Capital Radio
Episode 291: Tales S21 SEC 2024 Threat Report

CiberAfterWork: ciberseguridad en Capital Radio

Mar 12, 2025 · 16:08


In this episode, recent news about data breaches affecting entities such as Comisiones Obreras and Generali is discussed, as well as cyberattacks on Spanish provincial and municipal governments attributed to a pro-Russian group. The program features the participation of Sonia Fernández from Tales S21 SEC, who presents a report on cyber threat trends for the second half of 2024, including the rise of ransomware and the exploitation of vulnerabilities, and offers recommendations for business protection. Additionally, Pablo San Emeterio's participation in RUTDcon, a cybersecurity event, is commented on; there he presented a practical case of an attack and discussed the importance of prevention, detection, and response to cyber threats. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/

The Morning Review with Lester Kiewit Podcast
South Africa most targeted Cyber crime country in Africa

The Morning Review with Lester Kiewit Podcast

Mar 4, 2025 · 9:07


South Africa has been ranked the most targeted country in Africa for cybercrime, accounting for 40% of all ransomware attacks and nearly 35% of infostealer incidents on the continent. This is according to global cybersecurity company ESET's latest bi-annual Threat Report, which highlights key trends shaping the digital security landscape. In June 2024, South Africa's National Health Laboratory Service (NHLS) reported that it was hit with a ransomware attack that disrupted its systems, deleted backups and stole 1.2 terabytes of data, in the middle of dealing with an mpox outbreak. The breach also put the sensitive medical data of millions of patients at risk. More recently, in January 2025, the South African Weather Service disclosed that its ICT-based systems were disrupted by an attack led by the ransomware-as-a-service group RansomHub, which has racked up hundreds of victims since it was first detected at the start of 2024.

ESET Research podcast
Threat Report H2 2024: Infostealers, novel vector for mobile, Nomani

ESET Research podcast

Feb 28, 2025 · 38:26


In H2 2024, the infostealer scene went through a shakeup, leading to a reshaped top 10: Formbook dethroned Agent Tesla, Lumma Stealer jumped the ranks by using a new distribution tactic, and both Redline Stealer and Meta Stealer lost ground after a takedown. There's also a novel attack vector that works for both Android and iOS devices, misusing technologies that allow mobile users to install apps directly from websites in their mobile browsers. And let's not forget the booming numbers of investment scams on social media, detected as HTML/Nomani. Of course, this podcast episode can only cover so much of the latest ESET Threat Report H2 2024; visit WeLiveSecurity to read about the other topics it covers. Host: Aryeh Goretsky, ESET Distinguished Researcher. Guest: Ondrej Kubovič, Security Awareness Specialist. Read more at WeLiveSecurity.com and @ESETresearch on Twitter. ESET Threat Report H2 2024

Adversary Universe Podcast
China's Cyber Enterprise Grows: CrowdStrike 2025 Global Threat Report

Adversary Universe Podcast

Feb 27, 2025 · 34:00


China's cyber enterprise is rapidly growing: China-nexus activity was up 150% across industries in 2024, with a 200-300% surge in key sectors such as financial services, media, manufacturing, and industrials/engineering. CrowdStrike identified seven new China-nexus adversaries in 2024. “After decades investing in offensive cyber capabilities, China has achieved parity with some of the top players out there, and I think that is the thing that should terrify everybody,” Adam says.   China-nexus threat actors aren't the only ones evolving their cyber operations. As the CrowdStrike 2025 Global Threat Report shows, nation-state and eCrime adversaries spanning regions and skill levels are gaining speed and refining their techniques. They're learning what works and what doesn't, and they're scaling their effective tactics to achieve their goals. So what works? Voice phishing (vishing) skyrocketed 442% between the first and second half of 2024 as adversaries leaned on vishing, callback phishing, and help desk social engineering to access target networks. Generative AI played a key role in social engineering, where its low barrier to entry and powerful capabilities help adversaries create convincing content at scale. Compromised credentials also proved handy last year, helping threat actors enter and move laterally through organizations and operate as legitimate users.  What doesn't work as well? Malware. 79% of detections in 2024 were malware-free, indicating a rise in hands-on-keyboard activity as adversaries face stronger security defenses.  Tune in to hear Adam and Cristian dig into the key findings of the CrowdStrike 2025 Global Threat Report, which also examines the latest on cloud-focused attacks, vulnerability exploitation, and nation-state activity around the world.

Cybercrime Magazine Podcast
Security Nudge. Be Aware Of Phishing Attack Risks. Sponsored By CybSafe.

Cybercrime Magazine Podcast

Feb 11, 2025 · 1:46


Cybercriminals are becoming increasingly adept at phishing, with a significant rise in successful attacks targeting employees. Last year, 8.4 out of every 1,000 users clicked on a phishing link—nearly triple the rate from the previous year. This isn't just about suspicious emails; malicious links are prevalent across the internet, and attackers are leveraging generative AI to create increasingly convincing imitations of legitimate business communications and websites. While you've likely been warned about fake package delivery notices and bank alerts, it's crucial to understand that the most successful phishing attacks often impersonate cloud or other technology vendors—the very tools you rely on every day at work. These tech-related phishing links were clicked 27% of the time last year, according to Netskope's latest Cloud and Threat Report, significantly higher than fake bank or social media links. Don't be fooled by sophisticated-looking emails or websites, especially those related to technology services. Always consider the context: Are you expecting this communication? Does it align with your current work projects? And when in doubt, contact your IT or technical support team directly to verify the legitimacy of any suspicious communication. The 60-second "Security Nudge" is brought to you by CybSafe, developers of the Human Risk Management Platform. Learn more at https://cybsafe.com

Chill Chill Security
EP2007: Forensic Day - Threat Report Summarizing with Jupyter

Chill Chill Security

Feb 1, 2025 · 10:00


https://jupyter.securitybreak.io/Threat_Report_Summarization/Threat_Summarization_Few_shot_learning.html Sponsored by SEC Playground

Crucial Tech
Threat report for Thanksgiving week

Crucial Tech

Nov 27, 2024 · 5:10


Our friends at Fletch provide a grand slam of threats for Thanksgiving week, covering Apple, Android, AWS and Microsoft vulnerabilities. No regular podcast this week, but we will be back next week with a possible new way to abuse AI. --- Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

TechCentral Podcast
TCS+ | From gen AI to deepfakes – the latest infosec threats

TechCentral Podcast

Oct 1, 2024 · 18:34


Twice yearly, ESET publishes its Threat Report, in which it unpacks the latest trends and developments in the world of information security. Adrian Stanford, group chief technology officer at ESET Southern Africa, is our guest in the latest episode of TechCentral's TCS+, and he provides a succinct overview of the key trends identified in the latest ESET Threat Report, for the first half of 2024. Stanford provides a brief overview of the findings before delving into:
  • The threat posed by generative AI, including how bad actors are using the technology to break into systems and target victims;
  • The rise of deepfakes and the threat they pose, particularly in mobile;
  • The threat posed to Linux-based systems – and why there's a misconception that malware doesn't target Linux (or macOS); and
  • The latest on plug-in malware impacting WordPress-based websites.
Don't miss this informative discussion about the evolving world of cyberthreats and how they could impact you and your business. TechCentral

RNZ: Nine To Noon
New SIS threat report details security risks

RNZ: Nine To Noon

Sep 2, 2024 · 34:51


The SIS says threats to New Zealand's national security are increasingly likely to come from within - be it disgruntled government employees or those in desperate need of extra cash.

SMB Community Podcast by Karl W. Palachuk
Smaller Businesses Are the Testbed for Malware - A Look at the Huntress Threat Report

SMB Community Podcast by Karl W. Palachuk

Aug 22, 2024 · 34:00 · Transcription available


Host Karl got together with Jamie Levy, Director of Adversary Tactics at Huntress. Jamie is also a longtime researcher, developer and board member of the Volatility Foundation. She has worked for over 15 years in the digital forensics industry, conducting investigations as well as building out software solutions. We got together to discuss the Huntress 2024 Threat Report. Download here: https://www.huntress.com/resources/2024-cyber-threat-report?utm_campaign=CY24-Q2-Threat-Report&utm_source=smb-community-podcast&utm_medium=podcast&utm_content=August-2024-threat-report Jamie walks us through some of the major trends, including important "take-downs" and ransomware trends. One interesting finding is that squishing down one threat leaves room for other threats to increase. Her analogy to apex predators in the animal world is excellent. Karl's favorite quote from this interview (though scary): "The smaller businesses are the testbed" for malware writers. Why have a test network when you can use live machines as your testbed? It feels like we knew that. Now we know it for sure. Thanks to Huntress for their excellent 2024 Threat Report. Check out the full report while you listen. MSPs: Huntress has a great NFR program for professional consultants. Here's a link to their not-for-resale program for MSPs, Neighborhood Watch. This gives MSPs access to Huntress products for internal use to level up their own protection, whether they are a partner or not! https://www.huntress.com/neighborhood-watch-program/internal-license-request?utm_campaign=CY22-Q2-NFR-Neighborhood-Watch&utm_source=smb-community-podcast&utm_medium=podcast&utm_content=August-2024-threat-report Comments and questions welcome. -- -- -- This is a paid appearance. Thank you, Huntress, for supporting the SMB Community Podcast. :-)

Paul's Security Weekly
Exploring the latest FortiGuard Labs Threat Report - Derek Manky - ESW Vault

Paul's Security Weekly

May 30, 2024 · 40:53


As a special treat for this week's vault episode, we set up a conversation with Derek Manky to discuss Fortinet's FortiGuard Labs Threat Report. This is a bi-annual report put out by FortiGuard Labs, and in my opinion, it just keeps getting better and better. The report is chock full of actionable information and insights. It answered all my questions about the current state of threats and attacks, like: What is the latest big shift in strategy and focus for ransomware groups? I keep hearing that attackers are getting faster and faster - how much time do defenders actually have these days (to patch a critical vuln, for example)? What are the latest attack techniques being used? Which are used less, or never used? There's not a dull moment in this conversation - I hope you enjoy listening to or watching it as much as I did making it! Segment Resources: Fortiguard Labs 2H 2023 FortiGuard Labs Threat Report Show Notes: https://securityweekly.com/vault-esw-9

The Cyberman Show
Lessons from Red Canary's Annual Threat Report 2023 #81

The Cyberman Show

May 15, 2024 · 21:27


Send us a text message. Notes from Red Canary's annual threat report, including key trends, top 10 threats, and the most prevalent adversary techniques. Support the show. Google Drive link for podcast content: https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko My profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/ YouTube channel: https://www.youtube.com/@TheCybermanShow Twitter handle: https://twitter.com/prashant_cyber PS: The views are my own and don't reflect any views from my employer.

ITSPmagazine | Technology. Cybersecurity. Society
From Data to Defense. Behind the Scenes of the DirectDefense's Threat Report Insights | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Jim Broome | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

May 8, 2024 · 21:19


In cybersecurity, understanding the constantly evolving landscape of threats is key to safeguarding digital assets and sensitive information. DirectDefense, a leading security services provider, offers valuable insights into the world of threat intelligence through a candid conversation with Jim Broome, the Director of DirectDefense. In a recent discussion with Sean Martin, they delved into the nuances of IT and OT convergence, network separation, and the critical significance of threat reports.

Uncovering Threat Intelligence Trends

The dialogue between Sean Martin and Jim Broome sheds light on the intricate details of threat intelligence gathered by DirectDefense. Jim Broome's extensive experience in the industry, coupled with DirectDefense's commitment to cybersecurity excellence, unveils compelling narratives of threat actors, attack methodologies, and strategic responses to mitigate risks effectively.

From Penetration Testing to Managed Services: DirectDefense's Evolution

Jim Broome narrates DirectDefense's journey from its inception, focusing on core services like penetration testing and managed services. The shift towards leveraging threat reports to provide actionable insights to clients showcases DirectDefense's proactive approach in addressing emerging cyber threats effectively.

The Impact of Threat Actor Behavior on Security Posture

Through real-world examples like the Scattered Spider threat group's activities, Jim Broome highlights the direct impact of threat actor behavior on organizations. By dissecting attack vectors and lessons learned from engagements with threat actors, DirectDefense empowers clients with the knowledge to strengthen their security postures.

Collaboration and Customized Solutions

Jim Broome emphasizes the value of collaboration and customization in cybersecurity services. By tailoring alerts, response strategies, and monitoring solutions to suit each client's unique environment, DirectDefense fosters a culture of resilience and preparedness against potential cyber threats.

Empowering Organizations with Actionable Insights

The blog post underscores the importance of utilizing threat reports to gain actionable insights and establish robust security protocols. DirectDefense's approach to presenting information in a tangible and practical manner resonates with organizations seeking to enhance their cybersecurity frameworks.

Looking Towards the Future of Cybersecurity

As cybersecurity landscapes continue to evolve, organizations face the challenge of adapting to new threats and vulnerabilities. DirectDefense's proactive stance on integrating cybersecurity solutions with core IT disciplines signals a strategic approach towards ensuring operational resilience and uptime in critical infrastructure sectors.

The Essence of Collaboration and Expert Guidance

DirectDefense's emphasis on collaboration, expert guidance, and responsiveness to evolving threats underscores their commitment to ensuring clients are equipped with the necessary tools and insights to navigate the complex cybersecurity landscape successfully.

DirectDefense's conversation with Jim Broome offers a glimpse into the intricate world of threat intelligence, showcasing a blend of experience, expertise, and foresight in safeguarding organizations against cyber threats. By leveraging actionable insights and strategic responses, DirectDefense paves the way for a more secure and resilient digital environment.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content. Learn more.

Guest: Jim Broome, President and CTO, DirectDefense [@Direct_Defense]
On LinkedIn | https://www.linkedin.com/in/jim-broome-88a0a02/

Resources
Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

@BEERISAC: CPS/ICS Security Podcast Playlist
2024 Threat Report – OT Cyber Attacks with Physical Consequences

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 5, 2024 53:22


Podcast: Unsolicited Response (LS 34 · TOP 5%)
Episode: 2024 Threat Report – OT Cyber Attacks with Physical Consequences
Pub date: 2024-05-03
Waterfall Security Solutions and ICSSTRIVE put out an annual threat report that Dale Peterson believes is the best in OT. Why? It only includes incidents that had physical consequences on systems monitored and controlled by OT.
Dale and Andrew discuss:
- What is in and out of scope for the report.
- The breakdown of the 68 incidents that occurred in 2023 by industry sector, cause, threat actor and more.
- The impact reporting requirements may have on these numbers in the future.
- What percentage of OT cyber incidents with physical consequences are made public.
- Ransomware on IT causing physical consequences, exfil v. encryption, and what asset owners should do given this represents 80% of the known incidents in the report.
- And more.
Links:
2024 Threat Report: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/
ICSSTRIVE: https://icsstrive.com
S4 Events YouTube Channel: https://youtube.com/s4events
The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Unsolicited Response Podcast
2024 Threat Report – OT Cyber Attacks with Physical Consequences

Unsolicited Response Podcast

Play Episode Listen Later May 3, 2024 53:22


Waterfall Security Solutions and ICSSTRIVE put out an annual threat report that Dale Peterson believes is the best in OT. Why? It only includes incidents that had physical consequences on systems monitored and controlled by OT.
Dale and Andrew discuss:
- What is in and out of scope for the report.
- The breakdown of the 68 incidents that occurred in 2023 by industry sector, cause, threat actor and more.
- The impact reporting requirements may have on these numbers in the future.
- What percentage of OT cyber incidents with physical consequences are made public.
- Ransomware on IT causing physical consequences, exfil v. encryption, and what asset owners should do given this represents 80% of the known incidents in the report.
- And more.
Links:
2024 Threat Report: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/
ICSSTRIVE: https://icsstrive.com
S4 Events YouTube Channel: https://youtube.com/s4events

ESET Research podcast
Threat Report H2 2023: ChatGPT, the MOVEit hack, and Pandora

ESET Research podcast

Play Episode Listen Later Jan 31, 2024 20:00


In 2023, ESET detected over 675,000 attempts to access malicious domains abusing the popularity of ChatGPT; some offer bring-your-own-key web apps that can steal OpenAI API keys. Apart from AI, in H2 the Cl0p ransomware gang exploited MOVEit software, causing a staggering $14 billion in damages. The IoT landscape faced the new Pandora botnet, compromising Android devices via malicious firmware updates or pirated content apps. Of course, this podcast episode can only cover so much of the latest ESET Threat Report H2 2023. Visit WeLiveSecurity to read about other topics it covers.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: René Holt, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports

The SysAdmin DOJO Podcast
Monthly Threat Report - January 2024

The SysAdmin DOJO Podcast

Play Episode Listen Later Jan 17, 2024 52:06


We're kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space. In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group "Homeland Justice" on the Albanian government, and much more!
Episode Resources:
Full Monthly Threat Report for January 2024
Annual Cyber Security Report 2024
Andy on LinkedIn, Twitter, Mastodon
Eric on Twitter

Security Visionaries
Reflecting on 2023 Threat Trends

Security Visionaries

Play Episode Listen Later Jan 11, 2024 22:03


Tune into our latest Security Visionaries podcast where host Max Havey engages in a riveting discussion with Ray Canzanese, the Director of Netskope Threat Labs as they reflect on the threat landscape trends of 2023. In this episode they examine the emergence of generative AI, the rampant use of Trojans in cyber attacks, the dynamic tactics of cyber extortion, and delve into the effects of geopolitical conflicts on cyber threats and the prevalent role of ransomware. Read the latest Cloud and Threat Report here.

Screaming in the Cloud
Benchmarking Security Attack Response Times in the Age of Automation with Anna Belak

Screaming in the Cloud

Play Episode Listen Later Jan 4, 2024 31:11


Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, joins Corey on Screaming in the Cloud to discuss the newest benchmark for responding to security threats, 5/5/5. Anna describes why it was necessary to set a new benchmark for responding to security threats in a timely manner, and how the Sysdig team did research to determine the best practices for detecting, correlating, and responding to potential attacks. Corey and Anna discuss the importance of focusing on improving your own benchmarks towards a goal, as well as how prevention and threat detection are both essential parts of a solid security program.

About Anna
Anna has nearly ten years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey. Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.

Links Referenced:
Sysdig: https://sysdig.com/
Sysdig 5/5/5 Benchmark: https://sysdig.com/555

Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I am joined again—for another time this year—on this promoted guest episode brought to us by our friends at Sysdig, returning is Anna Belak, who is their director of the Office of Cybersecurity Strategy at Sysdig. Anna, welcome back. It's been a hot second.
Anna: Thank you, Corey. It's always fun to join you here.
Corey: Last time we were here, we were talking about your report that you folks had come out with, the, “Cybersecurity Threat Landscape for 2022.” And when I saw you were doing another one of these to talk about something, I was briefly terrified. “Oh, wow, please tell me we haven't gone another year and the cybersecurity threat landscape is moving that quickly.” And it sort of is, sort of isn't. You're here today to talk about something different, but it also—to my understanding—distills down to just how quickly that landscape is moving. What have you got for us today?
Anna: Exactly. For those of you who remember that episode, one of the key findings in the Threat Report for 2023 was that the average length of an attack in the cloud is ten minutes. To be clear, that is from when you are found by an adversary to when they have caused damage to your system. And that is really fast. Like, we talked about how that relates to on-prem attacks or other sort of averages from other organizations reporting how long it takes to attack people. And so, we went from weeks or days to minutes, potentially seconds. And so, what we've done is we looked at all that data, and then we went and talked to our amazing customers and our many friends at analyst firms and so on, to kind of get a sense for if this is real, like, if everyone is seeing this or if we're just seeing this. Because I'm always like, “Oh, God. Like, is this real? Is it just me?” And as it turns out, everyone's not only—I mean, not necessarily everyone's seeing it, right? Like, there's not really been proof until this year, I would say because there's a few reports that came out this year, but lots of people sort of anticipated this. And so, when we went to our customers, and we asked for their SLAs, for example, they were like, “Oh, yeah, my SLA for a [PCRE 00:02:27] cloud is like 10, 15 minutes.” And I was like, “Oh, okay.” So, what we set out to do is actually set a benchmark, essentially, to see how well are you doing. Like, are you equipped with your cloud security program to respond to the kind of attack that a cloud security attacker is going to—sorry, an anti-cloud security—I guess—attacker is going to perpetrate against you. And so, the benchmark is—drumroll—5/5/5. You have five seconds to detect a signal that is relevant to potentially some attack in the cloud—hopefully, more than one such signal—you have five minutes to correlate all such relevant signals to each other so that you have a high fidelity detection of this activity, and then you have five more minutes to initiate an incident response process to hopefully shut this down, or at least interrupt the kill chain before your environments experience any substantial damage.
Corey: To be clear, that is from a T0, a starting point, the stopwatch begins, the clock starts when the event happens, not when an event shows up in your logs, not once someone declares an incident. From J. Random Hackerman, effectively, we're pressing the button and getting the response from your API.
Anna: That's right because the attackers don't really care how long it takes you to ship logs to wherever you're mailing them to. And that's why it is such a short timeframe because we're talking about, they got in, you saw something hopefully—and it may take time, right? Like, some of the—which we'll describe a little later, some of the activities that they perform in the early stages of the attack are not necessarily detectable as malicious right away, which is why your correlation has to occur, kind of, in real time. Like, things happen, and you're immediately adding them, sort of like, to increase the risk of this detection, right, to say, “Hey, this is actually something,” as opposed to, you know, three weeks later, I'm parsing some logs and being like, “Oh, wow. Well, that's not good.” [laugh].
Corey: The number five seemed familiar to me in this context, so I did a quick check, and sure enough, allow me to quote from chapter and verse from the CloudTrail documentation over in AWS-land. “CloudTrail typically delivers logs within an average of about five minutes of an API call. This time is not guaranteed.” So effectively, if you're waiting for anything that's CloudTrail-driven to tell you that you have a problem, it is almost certainly too late by the time that pops up, no matter what that notification vector is.
Anna: That is, unfortunately or fortunately, true. I mean, it's kind of a fact of life. I guess there is a little bit of a veiled [unintelligible 00:04:43] at our cloud provider friends because, really, they have to do better ultimately. But the flip side to that argument is CloudTrail—or your cloud log source of choice—cannot be your only source of data for detecting security events, right? So, if you are operating purely on the basis of, “Hey, I have information in CloudTrail; that is my security information,” you are going to have a bad time, not just because it's not fast enough, but also because there's not enough data in there, right? Which is why part of the first, kind of, benchmark component is that you must have multiple data sources for the signals, and they—ideally—all will be delivered to you within five seconds of an event occurring or a signal being generated.
Corey: And give me some more information on that because I have my own alerter, specifically, it's a ClickOps detector. Whenever someone in one of my accounts does something in the console, that has a write aspect to it rather than just a read component—which again, look at what you want in the console, that's fine—if you're changing things that is not being managed by code, I want to know that it's happening. It's not necessarily bad, but I want to at least have visibility into it. And that spits out the principal, the IP address it emits from, and the rest. I haven't had a whole lot where I need to correlate those between different areas. Talk to me more about the triage step.
Anna: Yeah, so I believe that the correlation step is the hardest, actually.
Corey: Correlation step. My apologies.
Anna: Triage is fine. It's [crosstalk 00:06:06]—
Corey: Triage, correlations, the words we use matter on these things.
Anna: Dude, we argued about the words on this for so long, you could even imagine. Yeah, triage, correlation, detection, you name it, we are looking at multiple pieces of data, we're going to connect them to each other meaningfully, and that is going to provide us with some insight about the fact that a bad thing is happening, and we should respond to it. Perhaps automatically respond to it, but we'll get to that. So, a correlation, okay. The first thing is, like I said, you must have more than one data source because otherwise, I mean, you could correlate information from one data source; you actually should do that, but you are going to get richer information if you can correlate multiple data sources, and if you can access, for example, like through an API, some sort of enrichment for that information. Like, I'll give you an example. For SCARLETEEL, which is an attack we describe in the threat report, and we actually described before, this is—we're, like—on SCARLETEEL, I think, version three now because there's so much—this particular certain actor is very active [laugh].
Corey: And they have a better versioning scheme than most companies I've spoken to, but that's neither here nor there.
Anna: [laugh]. Right? So, one of the interesting things about SCARLETEEL is you could eventually detect that it had happened if you only had access to CloudTrail, but you wouldn't have the full picture ever. In our case, because we are a company that relies heavily on system calls and machine learning detections, we [are able to 00:07:19] connect the system call events to the CloudTrail events, and between those two data sources, we're able to figure out that there's something more profound going on than just what you see in the logs. And I'll actually tell you, which, for example, things are being detected. So, in SCARLETEEL, one thing that happens is there's a crypto miner. And a crypto miner is one of these events where you're, like, “Oh, this is obviously malicious,” because as we wrote, I think, two years ago, it costs $53 to mine $1 of Bitcoin in AWS, so it is very stupid for you to be mining Bitcoin in AWS, unless somebody else is—
Corey: In your own accounts.
Anna: —paying the cloud bill. Yeah, yeah [laugh] in someone else's account, absolutely. Yeah. So, if you are a sysadmin or a security engineer, and you find a crypto miner, you're like, “Obviously, just shut that down.” Great. What often happens is people see them, and they think, “Oh, this is a commodity attack,” like, people are just throwing crypto miners whatever, I shut it down, and I'm done. But in the case of this attack, it was actually a red herring. So, they deployed the miner to see if they could. They could, then they determined—presumably; this is me speculating—that, oh, these people don't have very good security because they let random idiots run crypto miners in their account in AWS, so they probed further. And when they probed further, what they did was some reconnaissance. So, they type in commands, listing, you know, like, list accounts or whatever. They try to list all the things they can list that are available in this account, and then they reach out to an EC2 metadata service to kind of like, see what they can do, right? And so, each of these events, like, each of the things that they do, like, reaching out to an EC2 metadata service, assuming a role, doing a recon, even lateral movement is, like, by itself, not necessarily a scary, big red flag malicious thing because there are lots of, sort of, legitimate reasons for someone to perform those actions, right? Like, reconnaissance, for one example, is you're, like, looking around the environment to see what's up, right? So, you're doing things, like, listing things, [unintelligible 00:09:03] things, whatever. But a lot of the graphical interfaces of security tools also perform those actions to show you what's, you know, there, so it looks like reconnaissance when your tool is just, like, listing all the stuff that's available to you to show it to you in the interface, right? So anyway, the point is, when you see them independently, these events are not scary. They're like, “Oh, this is useful information.” When you see them in rapid succession, right, or when you see them alongside a crypto miner, then your tooling and/or your process and/or your human being who's looking at this should be like, “Oh, wait a minute. Like, just the enumeration of things is not a big deal. The enumeration of things after I saw a miner, and you try and talk to the metadata service, suddenly I'm concerned.” And so, the point is, how can you connect those dots as quickly as possible and as automatically as possible, so a human being doesn't have to look at, like, every single event because there's an infinite number of them.
Corey: I guess the challenge I've got is that in some cases, you're never going to be able to catch up with this. Because if it's an AWS call to one of the APIs that they manage for you, they explicitly state there's no guarantee of getting information on this until the show's all over, more or less. So, how is there… like, how is there hope?
Anna: [laugh]. I mean, there's always a forensic analysis, I guess [laugh] for all the things that you've failed to respond to.
Corey: Basically we're doing an after-action thing because humans aren't going to react that fast. We're just assuming it happened; we should know about it as soon as possible. On some level, just because something is too late doesn't necessarily mean there's not value added to it. But just trying to turn this into something other than a, “Yeah, they can move faster than you, and you will always lose. The end. Have a nice night.” Like, that tends not to be the best narrative vehicle for these things. You know, if you're trying to inspire people to change.
Anna: Yeah, yeah, yeah, I mean, I think one clear point of hope here is that sometimes you can be fast enough, right? And a lot of this—I mean, first of all, you're probably not going to—sorry, cloud providers—you don't go into just the cloud provider defaults for that level of performance, you are going with some sort of third-party tool. On the, I guess, bright side, that tool can be open-source, like, there's a lot of open-source tooling available now that is fast and free. For example, is our favorite, of course, Falco, which is looking at system calls on endpoints, and containers, and can detect things within seconds of them occurring and let you know immediately. There is other eBPF-based instrumentation that you can use out there from various vendors and/or open-source providers, and there's of course, network telemetry. So, if you're into the world of service mesh, there is data you can get off the network, also very fast. So, the bad news or the flip side to that is you have to be able to manage all that information, right? So, that means—again, like I said, you're not expecting a SOC analyst to look at thousands of system calls and thousands of, you know, network packets or flow logs or whatever you're looking at, and just magically know that these things go together. You are expecting to build, or have built for you by a vendor or the open-source community, some sort of dissection content that is taking this into account and then is able to deliver that alert at the speed of 5/5/5.
Corey: When you see the larger picture stories playing out, as far as what customers are seeing, what the actual impact is, what gave rise to the five-minute number around this? Just because that tends to feel like it's a… it is both too long and also too short on some level. I'm just wondering how you wound up at—what is this based on?
Anna: Man, we went through so many numbers. So, we [laugh] started with larger numbers, and then we went to smaller numbers, then we went back to medium numbers. We align ourselves with the timeframes we're seeing for people. Like I said, a lot of folks have an SLA of responding to a P0 within 10 or 15 minutes because their point basically—and there's a little bit of bias here into our customer base because our customer base is, A, fairly advanced in terms of cloud adoption and in terms of security maturity, and also, they're heavily in let's say, financial industries and other industries that tend to be early adopters of new technology. So, if you are kind of a laggard, like, you probably aren't that close to meeting this benchmark as you are if you're saying financial, right? So, we asked them how they operate, and they basically pointed out to us that, like, knowing 15 minutes later is too late because I've already lost, like, some number of millions of dollars if my environment is compromised for 15 minutes, right? So, that's kind of where the ten minutes comes from. Like, we took our real threat research data, and then we went around and talked to folks to see kind of what they're experiencing and what their own expectations are for their incident response in SOC teams, and ten minutes is sort of where we landed.
Corey: Got it. When you see this happening, I guess, in various customer environments, assuming someone has missed that five-minute window, is a game over effectively? How should people be thinking about this?
Anna: No. So, I mean, it's never really game over, right? Like until your company is ransomed to bits, and you have to close your business, you still have many things that you can do, hopefully, to save yourself. And also, I want to be very clear that 5/5/5 as a benchmark is meant to be something aspirational, right? So, you should be able to meet this benchmark for, let's say, your top use cases if you are a fairly high maturity organization, in threat detection specifically, right? So, if you're just beginning your threat detection journey, like, tomorrow, you're not going to be close. Like, you're going to be not at all close. The point here, though, is that you should aspire to this level of greatness, and you're going to have to create new processes and adopt new tools to get there. Now, before you get there, I would argue that if you can do, like, 10-10-10 or, like, whatever number you start with, you're on a mission to make that number smaller, right? So, if today, you can detect a crypto miner in 30 minutes, that's not great because crypto miners are pretty detectable these days, but give yourself a goal of, like, getting that 30 minutes down to 20, or getting that 30 minutes down to 10, right? Because we are so obsessed with, like, measuring ourselves against our peers and all this other stuff that we sometimes lose track of what actually is improving our security program. So yes, compare it to yourself first. But ultimately, if you can meet the 5/5/5 benchmark, then you are doing great. Like, you are faster than the attackers in theory, so that's the dream.
Corey: So, I have to ask, and I suspect I might know the answer to this, but given that it seems very hard to move this quickly, especially at scale, is there an argument to be made that effectively prevention obviates the need for any of this, where if you don't misconfigure things in ways that should be obvious, if you practice defense-in-depth to a point where you can effectively catch things that the first layer meets with successive layers, as opposed to, “Well, we have a firewall. Once we're inside of there, well [laugh], it's game over for us.” Is prevention sufficient in some ways to obviate this?
Anna: I think there are a lot of people that would love to believe that that's true.
Corey: Oh, I sure would. It's such a comforting story.
Anna: And we've done, like, I think one of my opening sentences in the benchmark, kind of, description, actually, is that we've done a pretty good job of advertising prevention in Cloud as an important thing and getting people to actually, like, start configuring things more carefully, or like, checking how those things have been configured, and then changing that configuration should they discover that it is not compliant with some mundane standard that everyone should know, right? So, we've made great progress, I think, in cloud prevention, but as usual, like, prevention fails, right? Like I still have smoke detectors in my house, even though I have done everything possible to prevent it from catching fire and I don't plan to set it on fire, right? But like, threat detection is one of these things that you're always going to need because no matter what you do, A, you will make a mistake because you're a human being, and there are too many things, and you'll make a mistake, and B, the bad guys are literally in the business of figuring ways around your prevention and your protective systems. So, I am full on on defense-in-depth. I think it's a beautiful thing. We should only obviously do that. And I do think that prevention is your first step to a holistic security program—otherwise, what even is the point—but threat detection is always going to be necessary. And like I said, even if you can't go 5/5/5, you don't have threat detection at that speed, you need to at least be able to know what happened later so you can update your prevention system.
Corey: This might be a dangerous question to get into, but why not, that's what I do here. This [could 00:17:27] potentially an argument against Cloud, by which I mean that if I compromise someone's Cloud account on any of the major cloud providers, once I have access of some level, I know where everything else in the environment is as a general rule. I know that you're using S3 or its equivalent, and what those APIs look like and the rest, whereas as an attacker, if I am breaking into someone's crappy data center-hosted environment, everything is going to be different. Maybe they don't have a SAN at all, for example. Maybe they have one that hasn't been patched in five years. Maybe they're just doing local disk for some reason. There's a lot of discovery that has to happen that is almost always removed from Cloud. I mean, take the open S3 bucket problem that we've seen as a scourge for 5, 6, 7 years now, where it's not that S3 itself is insecure, but once you make a configuration mistake, you are now in line with a whole bunch of other folks who may have much more valuable data living in that environment. Where do you land on that one?
Anna: This is the ‘leave cloud to rely on security through obscurity’ argument?
Corey: Exactly. Which I'm not a fan of, but it's also hard to argue against from time to time.
Anna: My other way of phrasing it is ‘the attackers are ripping up the stack’ argument. Yeah, so—and there is some sort of truth in that, right? Part of the reason that attackers can move that fast—and I think we say this a lot when we talk about the threat report data, too, because we literally see them execute this behavior, right—is they know what the cloud looks like, right? They have access to all the API documentation, they kind of know what all the constructs are that you're all using, and so they literally can practice their attack and create all these scripts ahead of time to perform their reconnaissance because they know exactly what they're looking at, right? On-premise, you're right, like, they're going to get into—even to get through my firewall, whatever, they're getting into my data center, they do not know what disaster I have configured, what kinds of servers I have where, and, like, what the network looks like, they have no idea, right? In Cloud, this is kind of all gifted to them because it's so standard, which is a blessing and a curse. It's a blessing because—well for them, I mean, because they can just programmatically go through this stuff, right? It's a curse for them because it's a blessing for us in the same way, right? Like, the defenders… A, have a much easier time knowing what they even have available to them, right? Like, the days of there's a server in a closet I've never heard of are kind of gone, right? Like, you know what's in your Cloud account because, frankly, AWS tells you. So, I think there is a trade-off there. The other thing is—about the moving up the stack thing, right—like no matter what you do, they will come after you if you have something worth exploiting you for, right? So, by moving up the stack, I mean, listen, we have abstracted all the physical servers, all of the, like, stuff we used to have to manage the security of because the cloud just does that for us, right? Now, we can argue about whether or not they do a good job, but I'm going to be generous to them and say they do a better job than most companies [laugh] did before. So, in that regard, like, we say, thank you, and we move on to, like, fighting this battle at a higher level in the stack, which is now the workloads and the cloud control plane, and the you name it, whatever is going on after that. So, I don't actually think you can sort of trade apples for oranges here. It's just… bad in a different way.
Corey: Do you think that this benchmark is going to be used by various companies who will learn about it? And if so, how do you see that playing out?
Anna: I hope so.
My hope when we created it was that it would sort of serve as a goalpost or a way to measure—Corey: Yeah, it would just be marketing words on a page and never mentioned anywhere, that's our dream here.Anna: Yeah, right. Yeah, I was bored. So, I wrote some—[laugh].Corey: I had a word minimum to get out the door, so there we are. It's how we work.Anna: Right. As you know, I used to be a Gartner analyst, and my desire is always to, like, create things that are useful for people to figure out how to do better in security. And my, kind of, tenure at the vendor is just a way to fund that [laugh] more effectively [unintelligible 00:21:08].Corey: Yeah, I keep forgetting you're ex-Gartner. Yeah, it's one of those fun areas of, “Oh, yeah, we just want to basically talk about all kinds of things because there's a—we have a chart to fill out here. Let's get after it.”Anna: I did not invent an acronym, at least. Yeah, so my goal was the following. People are always looking for a benchmark or a goal or standard to be like, “Hey, am I doing a good job?” Whether I'm, like a SOC analyst or director, and I'm just looking at my little SOC empire, or I'm a full on CSO, and I'm looking at my entire security program to kind of figure out risk, I need some way to know whether what is happening in my organization is, like, sufficient, or on par, or anything. Is it good or is it bad? Happy face? Sad face? Like, I need some benchmark, right?So normally, the Gartner answer to this, typically, is like, “You can only come up with benchmarks that are—” they're, like, “Only you know what is right for your company,” right? It's like, you know, the standard, ‘it depends' answer. Which is true, right, because I can't say that, like, oh, a huge multinational bank should follow the same benchmark as, like, a donut shop, right? Like, that's unreasonable. 
So, this is also why I say that our benchmark is probably more tailored to the more advanced organizations that are dealing with kind of high maturity phenomena and are more cloud-native, but the donut shops should kind of strive in this direction, right?So, I hope that people will think of it this way: that they will, kind of, look at their process and say, “Hey, like, what are the things that would be really bad if they happened to me, in terms of sort detection?” Like, “What are the threats I'm afraid of where if I saw this in my cloud environment, I would have a really bad day?” And, “Can I detect those threats in 5/5/5?” Because if I can, then I'm actually doing quite well. And if I can't, then I need to set, like, some sort of roadmap for myself on how I get from where I am now to 5/5/5 because that implies you would be doing a good job.So, that's sort of my hope for the benchmark is that people think of it as something to aspire to, and if they're already able to meet it, then that they'll tell us how exactly they're achieving it because I really want to be friends with them.Corey: Yeah, there's a definite lack of reasonable ways to think about these things, at least in ways that can be communicated to folks outside of the bounds of the security team. I think that's one of the big challenges currently facing the security industry is that it is easy to get so locked into the domain-specific acronyms, philosophies, approaches, and the rest, that even coming from, “Well, I'm a cloud engineer who ostensibly needs to know about these things.” Yeah, wander around the RSA floor with that as your background, and you get lost very quickly.Anna: Yeah, I think that's fair. I mean, it is a very, let's say, dynamic and rapidly evolving space. And by the way, like, it was really hard for me to pick these numbers, right, because I… very much am on that whole, ‘it depends' bandwagon of I don't know what the right answer is. Who knows what the right answer is [laugh]? 
So, I say 5/5/5 today. Like, tomorrow, the attack takes five minutes, and now it's two-and-a-half/two-and-a-half, right? Like it's whatever.You have to pick a number and go for it. So, I think, to some extent, we have to try to, like, make sense of the insanity and choose some best practices to anchor ourselves in or some, kind of like, sound logic to start with, and then go from there. So, that's sort of what I go for.Corey: So, as I think about the actual reaction times needed for 5/5/5 to actually be realistic, people can't reliably get a hold of me on the phone within five minutes, so it seems like this is not something you're going to have humans in the loop for. How does that interface with the idea of automating things versus giving automated systems too much power to take your site down as a potential failure mode?Anna: Yeah. I don't even answer the phone anymore, so that wouldn't work at all. That's a really, really good question, and probably the question that gives me the most… I don't know, I don't want to say lost sleep at night because it's actually, it's very interesting to think about, right? I don't think you can remove humans from the loop in the SOC. Like, certainly there will be things you can auto-respond to some extent, but there'd better be a human being in there because there are too many things at stake, right?Some of these actions could take your entire business down for far more hours or days than whatever the attacker was doing before. And that trade-off of, like, is my response to this attack actually hurting the business more than the attack itself is a question that's really hard to answer, especially for most of us technical folks who, like, don't necessarily know the business impact of any given thing. So, first of all, I think we have to embrace other response actions. Back to our favorite crypto miners, right? Like there is no reason to not automatically shut them down. There is no reason, right? 
Just build in a detection and an auto-response: every time you see a crypto miner, kill that process, kill that container, kill that node. I don't care. Kill it. Like, why is it running? This is crazy, right?I do think it gets nuanced very quickly, right? So again, in SCARLETEEL, there are essentially, like, five or six detections that occur, right? And each of them theoretically has a potential auto-response that you could have executed depending on your, sort of, appetite for that level of intervention, right? Like, when you see somebody assuming a role, that's perfectly normal activity most of the time. In this case, I believe they actually assumed a machine role, which is less normal. Like, that's kind of weird.And then what do you do? Well, you can just, like, remove the role. You can remove that person's ability to do anything, or remove that role's ability to do anything. But that could be very dangerous because we don't necessarily know what the full scope of that role is as this is happening, right? So, you could take, like, a more mitigated auto-response action and add a restrictive policy to that rule, for example, to just prevent activity from that IP address that you just saw, right, because we're not sure about this IP address, but we're sure about this role, right?So, you have to get into these, sort of, risk-tiered response actions where you say, “Okay, this is always okay to do automatically. And this is, like, sometimes, okay, and this is never okay.” And as you develop that muscle, it becomes much easier to do something rather than doing nothing and just, kind of like, analyzing it in forensics and being, like, “Oh, what an interesting attack story,” right? So, that's step one, is just start taking these different response actions.And then step two is more long-term, and it's that you have to embrace the cloud-native way of life, right? 
Like this immutable, ephemeral, distributed religion that we've been selling, it actually works really well if you, like, go all-in on the religion. I sound like a real cult leader [laugh]. Like, “If you just go all in, it's going to be great.” But it's true, right?So, if your workflows are immutable—that means they cannot change as they're running—then when you see them drifting from their original configuration, like, you know, that is bad. So, you can immediately know that it's safe to take an auto-respon—well, it's safe, relatively safe, take an auto-response action to kill that workload because you are, like, a hundred percent certain it is not doing the right things, right? And then furthermore, if all of your deployments are defined as code, which they should be, then it is approximately—[though not entirely 00:27:31]—trivial to get that workload back, right? Because you just push a button, and it just generates that same Kubernetes cluster with those same nodes doing all those same things, right? So, in the on-premise world where shooting a server was potentially the, you know, fireable offense because if that server was running something critical, and you couldn't get it back, you were done.In the cloud, this is much less dangerous because there's, like, an infinite quantity of servers that you could bring back and hopefully Infrastructure-as-Code and, kind of, Configuration-as-Code in some wonderful registry, version-controlled for you to rely on to rehydrate all that stuff, right? So again, to sort of TL;DR, get used to doing auto-response actions, but do this carefully. Like, define a scope for those actions that make sense and not just, like, “Something bad happened; burn it all down,” obviously. And then as you become more cloud-native—which sometimes requires refactoring of entire applications—by the way, this could take years—just embrace the joy of Everything-as-Code.Corey: That's a good way of thinking about it. 
I just, I wish there were an easier path to get there, for an awful lot of folks who otherwise don't find a clear way to unlock that.Anna: There is not, unfortunately [laugh]. I mean, again, the upside on that is, like, there are a lot of people that have done it successfully, I have to say. I couldn't have said that to you, like, six, seven years ago when we were just getting started on this journey, but especially for those of you who were just at KubeCon—however, long ago… before this airs—you see a pretty robust ecosystem around Kubernetes, around containers, around cloud in general, and so even if you feel like your organization's behind, there are a lot of folks you can reach out to to learn from, to get some help, to just sort of start joining the masses of cloud-native types. So, it's not nearly as hopeless as before. And also, one thing I like to say always is, almost every organization is going to have some technical debt and some legacy workload that they can't convert to the religion of cloud.And so, you're not going to have a 5/5/5 threat detection SLA on those workloads. Probably. I mean, maybe you can, but probably you're not, and you may not be able to take auto-response actions, and you may not have all the same benefits available to you, but like, that's okay. That's okay. Hopefully, whatever that thing is running is, you know, worth keeping alive, but set this new standard for your new workloads. So, when your team is building a new application, or if they're refactoring an application, can't afford the new world, set the standard on them and don't, kind of like, torment the legacy folks because it doesn't necessarily make sense. Like, they're going to have different SLAs for different workloads.Corey: I really want to thank you for taking the time to speak with me yet again about the stuff you folks are coming out with. If people want to learn more, where's the best place for them to go?Anna: Thanks, Corey. 
It's always a pleasure to be on your show. If you want to learn more about the 5/5/5 benchmark, you should go to sysdig.com/555.Corey: And we will, of course, put links to that in the show notes. Thank you so much for taking the time to speak with me today. As always, it's appreciated. Anna Belak, Director at the Office of Cybersecurity Strategy at Sysdig. I'm Cloud Economist Corey Quinn, and this has been a promoted guest episode brought to us by our friends at Sysdig. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that I will read nowhere even approaching within five minutes.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business, and we get to the point. Visit duckbillgroup.com to get started.

The SysAdmin DOJO Podcast
Monthly Threat Report – December 2023

Dec 6, 2023, 32:12


Our final episode for 2023 is here! To wrap up the year, Andy and Umut Alemdar will be discussing our Monthly Threat Report for December 2023. The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Umut are focusing on data from the month of November. Tune in to hear about Microsoft's recent zero-day vulnerabilities, the most common file types used to deliver malicious payloads, M365 brand impersonations and a lot more!

Episode Resources:
Full Monthly Threat Report - December 2023
Annual Cyber Security Report 2024 - Free Download

The SysAdmin DOJO Podcast
Monthly Threat Report - November 2023

Nov 17, 2023, 40:44


The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October. During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft's response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape. Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike.

Timestamps:
(3:07) – What is the general state of email threats during the last month?
(6:31) – What types of files are being used to deliver malicious files?
(9:38) – What industries are being targeted the most throughout the data period?
(14:40) – What are the most impersonated brands during the last month?
(18:52) – An update on the Microsoft Storm-0558 breach
(23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler
(30:31) – Commentary on the SEC's charges against SolarWinds and their CISO

Episode Resources:
Full Monthly Threat Report for November
Law Enforcement Shutdown of Qakbot
Paul and Andy Discuss Storm-0558
Security Awareness Service - Request Demo
Andy on LinkedIn, Twitter, Mastodon
Eric on Twitter

The Tech Blog Writer Podcast
2549: Unpacking the Thales Data Threat Report

Oct 18, 2023, 26:20


I sit down with Bob Burns, the Chief Product Security Officer at Thales Cloud Protection and Licensing, a division of Thales. The discussion was a deep dive into the alarming statistics and insights from Thales' 2023 Data Threat Report, which provides a comprehensive look at the evolving landscape of cybersecurity threats, notably ransomware. Bob starts the conversation by highlighting how ransomware attacks have not just increased in frequency but have also evolved in sophistication. What's more disconcerting is that despite this knowledge, the industry as a whole has not substantially improved its cybersecurity posture. This lack of progress is manifesting as a critical impact on businesses, disrupting operations and diminishing revenues. We continue to delve into the worrisome metrics around data loss due to cyberattacks. Bob's insights bring to light the severe implications of inadequate cybersecurity planning. The conversation touches on the notion that having a robust ransomware plan isn't just a technological necessity but also a strategic imperative for business continuity. Bob stresses the value of proactive rather than reactive measures in mitigating the threat landscape. Legal and ethical considerations also take center stage in the discussion. We explore the complexities that organizations face when deciding whether or not to pay a ransom. The debate surfaces the ethical dilemmas, legal repercussions, and long-term business consequences that accompany such a critical decision. At the heart of the episode is the conversation on the financial impact of ransomware attacks. We both agree that beyond data loss and potential reputational damage, the most immediate effect is on a company's bottom line. The 2023 Data Threat Report supports this view, revealing that of those affected, a staggering 67% experienced some form of data loss, with 35% reporting a significant impact or exposure to external operations. 
The episode concludes with an analysis of how companies are shifting their spending to prevent ransomware attacks, as revealed by the 2023 Data Threat Report. While 61% of respondents claim they would allocate or shift budgets toward ransomware preventive tools, the report also indicates a lack of clarity in terms of what specific tooling organizations are investing in. Despite these incremental changes in spending, the report underscores the need for more coordinated efforts between stakeholders. In sum, the episode is a compelling discourse that not only provides alarming statistics about the increasing threat of ransomware but also engages listeners in the broader complexities of cybersecurity planning, ethical considerations, and financial consequences. It serves as an invaluable guide for business leaders, IT professionals, and policymakers seeking to understand and address the intricate challenges posed by ransomware and other evolving cybersecurity threats.

Security Visionaries
Understanding the Adversary

Oct 17, 2023, 17:30


In this episode of Security Visionaries, we sit down for a conversation with Ray Canzanese, Director of Netskope Threat Labs, to discuss some of the big takeaways from the just released October 2023 Cloud and Threat Report. Ray digs into why he chose to focus on the adversary this time around, what surprised him about his findings, and how security folks and beyond can best use the findings from this report. Read the latest Cloud and Threat Report at: https://www.netskope.com/netskope-threat-labs 

The SysAdmin DOJO Podcast
Monthly Threat Report - October 2023

Oct 9, 2023, 35:45


The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023. The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company's security culture and its ability to safeguard its vast user base. Tune in for more details!

Timestamps:
(2:37) – Email Threat Numbers for the data period.
(4:18) – File Types used for the delivery of malicious payloads.
(7:39) – What are the top targeted industry verticals?
(11:19) – What were the most impersonated brands during the last month?
(21:15) – Microsoft's Continued Security Issues
(31:19) – Vulnerabilities in libwebp

Episode Resources:
Full Monthly Threat Report - October 2023
Andy and Paul Discuss Microsoft Security Problems

The SysAdmin DOJO Podcast
Monthly Threat Report - September 2023

Sep 12, 2023, 36:52


The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In today's episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. During the episode, Andy and Yvonne explore the overall threat trends including:

The most common malicious file types used to deliver payloads, with HTML files taking the lead.
The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.
The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks.
The impact of the FBI's disruption of Qakbot.
The Storm-0558 breach.
A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors.

Timestamps:
(3:22) – General threat trends for this month's data period
(7:11) – What were the most used file types used for malicious payloads during the data period?
(10:10) – What are the most targeted industries for this data period?
(12:04) – The most impersonated brands from this month's report
(16:52) – Commentary on the FBI's disruption of the Qakbot Botnet
(22:54) – An update on the Microsoft Storm-0558 breach
(33:46) – Data breaches account for 14 million lost records

Episode Resources:
Full Monthly Threat Report - September 2023
EP07: A Discussion and Analysis of Qakbot
Security Awareness Service
Andy on LinkedIn, Twitter, Mastodon
Yvonne on LinkedIn

ESET Research podcast
Threat Report H1 2023: Sextortion, usury and brute-force

Sep 12, 2023, 20:35


In H1 2023, intrusion vectors were closing left and right. This forced many cybercriminals to search for alternative ways to compromise devices of their victims. While some of the attackers tried revisiting old routes such as brute-forcing MS SQL servers or distributing (AI-generated?) sextortion and text-based email messages, others kickstarted several Android apps running usury schemes. But there's also good news. Emotet botnet went quiet after a month of dwindling and ineffective campaigning, and Redline stealer – a notorious malware-as-a-service – has been disrupted by ESET researchers and their friends at Flare systems. Of course, this podcast episode can only cover so much of the ESET Threat report. If you wish to learn about other topics it covers, visit WeLiveSecurity. Discussed: Sextortion and text-based threats 1:46, brute force attacks on MS SQL servers 7:10, usury Android apps 9:20, Emotet activity 13:25, RedLine Stealer disruption 16:45. Host: Aryeh Goretsky, ESET Distinguished Researcher Guest: Ondrej Kubovic, Security Awareness Specialist Read more @WeLiveSecurity.com and @ESETresearch on Twitter ESET Threat Reports and ESET APT Activity Reports

The SysAdmin DOJO Podcast
Monthly Threat Report - August 2023

Aug 8, 2023, 38:29


The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. Every month, Andy will be hosting an episode to dive into the key takeaways from the report. In today's episode, Andy and Umut will be sharing a threat overview based on data from the Security Lab throughout July 2023. From the changing tactics in email attacks, to new brand impersonations and the impact of dark-web generative AI (Artificial Intelligence) tools like WormGPT, we will equip you with the right information to help you stay ahead of these new emerging threats.

Timestamps:
(2:43) – Net increase in all email threat categories during the data period
(4:17) – The most commonly used file types for payload delivery during the data period
(7:24) – The most targeted industry vertical during the data period
(10:13) – Most impersonated brands during the data period
(15:49) – The rise of malicious generative AI like WormGPT
(22:55) – The continued fallout from the MOVEit vulnerabilities
(26:46) – The breach of Microsoft Cloud services by Storm-0558

Episode Resources:
Monthly Threat Report - August 2023
EP 01 - We Used ChatGPT to Create Ransomware
Andy on LinkedIn, Twitter or Mastodon
Umut on LinkedIn

Security Forum Podcasts
S19 Ep1: Threat Horizon 2025 - Scenarios for an Uncertain Future

May 30, 2023, 12:40


This episode begins a special four episode series focusing on the ISF's latest report, Threat Horizon 2025: Scenarios for an Uncertain Future. Today, ISF CEO Steve Durbin and ISF Podcast producer Tavia Gilbert offer an overview, setting the stage for this Threat Report. Then over the next several weeks, we'll have a deeper discussion about each of the three major threat areas featured in the report.

More resources from ISF related to this episode:
LINK THREAT HORIZON REPORT ON SECURITYFORUM.ORG
Threat Horizon 2024: The Disintegration of Trust
Threat Horizon 2023: Security at a Tipping Point
Threat Horizon 2022: Digital and Physical Worlds Collide

Mentioned in this episode: ISF Analyst Insight Podcast

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter
From the Information Security Forum, the leading authority on cyber, information security, and risk management

Secure Talk - Cybersecurity
2023 OpenText Cybersecurity Threat Report & Recommendations

Apr 19, 2023, 39:01


Grayson Milbourne is the Security Intelligence Director for OpenText Cybersecurity. In this episode, Grayson talks about some of the findings of the 2023 OpenText Cybersecurity Threat Report related to the most common types of cyber threats and discusses the advantages of a multi-layered approach to cybersecurity. Grayson also provides recommendations for cyber awareness and training.

OpenText Cybersecurity: https://www.opentext.com/products/cyber-security
The Secure Talk Cybersecurity Podcast: https://securetalkpodcast.com/

ESET Research podcast
Threat Report T3 2022

Feb 28, 2023, 35:42


In the last four months of 2022, Russia-aligned APT groups unleashed several data-destroying malware variants on Ukraine. Android detections grew rapidly, while most of the crimeware scene continued on a downward spiral. In this ESET Research Podcast episode, Aryeh Goretsky and Ondrej Kubovic explore trends in several threat areas, including ransomware, exploits used for initial access, and more. For additional security research topics, visit WeLiveSecurity.

Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Ondrej Kubovic, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter

Reports: ESET Threat Report T3 2022, ESET APT Activity Report T3 2022

Brakeing Down Security Podcast
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)

Jan 10, 2023, 85:08


Topics:
What were the biggest stories of 2022? Any notable trends that you saw?
https://acut3.github.io/bug-bounty/2023/01/03/fetch-diversion.html (fetch Diversion)
I got 5 million steps in 2022! Looking to jog/run 350 miles
https://medium.com/@jdowde2/the-security-threat-of-and-in-file-path-strings-d75ee695eb3a (danger of , and .. in file paths)
Google's Threat Horizons report

Additional information / pertinent links (would you like to know more?):
https://services.google.com/fh/files/blogs/gcat_threathorizons_full_jan2023.pdf (Google's Threat Horizons report)
https://securityboulevard.com/2023/01/google-cybersecurity-action-team-threat-horizons-report-5-is-out/
https://medium.com/malware-buddy/6-useful-infographics-for-threat-intelligence-240d6aca333e
https://www.vice.com/en/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps
youtube.c
https://hbr.org/2016/09/excess-management-is-costing-the-us-3-trillion-per-year
https://thenewstack.io/circleci-secrets-catastrophe/
https://www.nbc29.com/2023/01/06/twitter-leak-exposes-235-million-email-addresses-hack/

Show Points of Contact:
Amanda Berlin: @infosystir @hackershealth
Brian Boettcher: @boettcherpwned
Bryan Brake: @bryanbrake @bryanbrake@mastodon.social
Website: https://www.brakeingsecurity.com
Twitch: https://twitch.tv/brakesec

Cloud Security Today
Cloud Threat Report Vol 6

Cloud Security Today

Dec 21, 2022 44:48


This episode of the Cloud Security Today podcast welcomes back favorite special guests Jay Chen and Nathaniel “Q” Quist to unpack the latest Cloud Threat Report. Join host Matt Chiodi as he shares insights from the report and analyzes the current state of cloud security. Beginning with an in-depth look at Identity and Access Management (IAM) in cloud security, the guests talk about the latest changes in cloud security. They discuss the report's findings on permissions and what cloud systems providers are currently doing (or not doing) to help keep cloud data secure. At the end of the episode, Jay and Q give tips on how to stay up-to-date on developments in the cloud security landscape and reveal the next projects that they're working on. If you enjoyed this episode, you can show your support for the podcast by rating and reviewing it and by subscribing to Cloud Security Today wherever you listen to podcasts.
Show Notes/Timestamps
[2:11] Matt welcomes repeat guests Jay and Q onto the show
[3:36] So, what's changed for Identity and Access Management over the last year?
[8:05] Jay lays out what makes good cloud governance so difficult
[11:50] Complicating factors in cloud security
[14:22] What does the research show about permissions and over-permissions on cloud systems?
[17:28] “When you can't figure out what to do, you add more permissions”: How permissions multiply
[20:19] Are cloud service providers helping or hindering cloud security?
[24:03] Debating the Infrastructure as Code framework
[28:13] Q breaks down the Cloud Threat Actor Index
[31:32] Q's top five bad actors on the cloud security landscape
[35:11] Jay gives his recommendations for IAM
[39:55] How you can stay up-to-date on the latest developments in cloud security
[42:10] The next projects that Jay and Q are working on
Links
Check out this episode's sponsor, Prisma Cloud
Unit 42 reports
IAM-Deescalate Tool
Cloud Sec List
Comprehensive, full-stack cloud security: Secure infrastructure, apps and data across hybrid and multi-cloud environments with Prisma Cloud.

ISACA Podcast
Breaking Down the ESET T2 2022 Threat Report

ISACA Podcast

Nov 8, 2022 21:37


In this ISACA Podcast episode, ESET's Chief Security Evangelist, Tony Anscombe, joins ISACA's Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET's recently released T2 2022 Threat Report. As a global leader in cybersecurity, ESET's T2 2022 Threat Report summarizes the most notable trends that have shaped the threat landscape for the past four months. This report dives into CloudMensis, the previously unknown macOS malware discovered by ESET researchers.
To read the full ESET report: https://www.welivesecurity.com/wpcontent/uploads/2022/10/eset_threat_report_t22022.pdf
For more information, check out ESET's award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research. To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

HIMSSCast
Secureworks presents: Business Preparedness for Ransomware. What you can do to help your organization

HIMSSCast

Nov 8, 2022 21:11


Ransomware remains the primary threat facing organizations, according to the most recent Secureworks® 2022 State of the Threat Report. Despite a series of high-profile law enforcement interventions, public leaks, and a small slowdown over the summer months, ransomware operators have maintained high levels of activity. Join Secureworks Security Threat Researcher Alex Tilley as he discusses ransomware and what you can do to defend against it.

HIMSSCast
Secureworks presents: Infostealers. A growing threat for all organizations including healthcare.

HIMSSCast

Nov 1, 2022 24:11


The Secureworks® State of the Threat Report 2022 records a 150% rise in the use of infostealers, making them a key precursor to ransomware. Join Secureworks Security and Threat Researcher John Mancuso as he discusses the growing concern of infostealer malware: malicious software targeting your information. This malware targets almost anything that a cybercriminal can use to turn a profit, from login credentials to stored browser information and cryptocurrency data.

The Get Cyber Resilient Show
Ep 116 | BlackBerry's pivot into Cyber with Shishir Singh, Executive VP and CTO at BlackBerry Cyber Security

The Get Cyber Resilient Show

Oct 31, 2022 33:40


On this week's episode Gar talks with Shishir Singh, Executive VP and CTO at BlackBerry Cyber Security. Shishir is a globally recognised cybersecurity expert with a career spanning 30+ years. In this conversation we discuss BlackBerry's pivot into cyber, IoT and protecting EVs. We then talk through the findings in BlackBerry's 2022 Threat Report, including the vulnerabilities that SMBs are facing.

The CyberWire
CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.

The CyberWire

Oct 4, 2022 37:49


CISA issues a Binding Operational Directive. An LA school district says ransomware operators missed most sensitive PII. An API protection report describes malicious transactions. Analysis of cyber risk in relation to SaaS applications. Joe Carrigan describes underground groups using stolen identities and deepfakes. Our guest is Eve Maler from ForgeRock on consumer identity breaches. And someone is making a nuisance of themself in Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/191
Selected reading.
Binding Operational Directive 23-01 (CISA)
CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection (Cybersecurity and Infrastructure Security Agency)
CISA aims to expand cyber defense service across fed agencies, potentially further (Federal News Network)
CISA directs federal agencies to track software and vulnerabilities (The Record by Recorded Future)
Student, Teacher Data Not Affected in Los Angeles School District Hack (Wall Street Journal)
‘No evidence of widespread impact,' LAUSD says of data released by hackers (KTLA)
New API Threat Research Shows that Shadow APIs Are the Top Threat Vecto (Cequence Security)
Secureworks State of the Threat Report 2022: 52% of ransomware incidents over the past year started with compromise of unpatched remote services (Secureworks)
Russian Citizens Wage Cyberwar From Within (Kyiv Post)
Russian Hackers Take Aim at Kremlin Targets: Report (Infosecurity Magazine)
Russian retail chain 'DNS' confirms hack after data leaked online (BleepingComputer)

Enterprise Podcast Network – EPN
ESET Threat Report: Cybersecurity

Enterprise Podcast Network – EPN

Sep 20, 2022


Kelly Johnson, the Country Manager at ESET, a global award-winning cybersecurity company that provides complete protection without compromise for all your devices, joins Enterprise Radio.

ISACA Podcast
Breaking Down the ESET T1 2022 Threat Report

ISACA Podcast

Jun 30, 2022 27:49


ESET, a global leader in cybersecurity, has released its T1 2022 Threat Report, which summarizes the most notable trends that shaped the threat landscape from January to April 2022. Join ISACA's Research Advisor, Brian Fletcher, as he breaks down the ESET T1 2022 Threat Report with Chief Security Evangelist for ESET, Tony Anscombe. For more information, check out ESET's award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research. Be sure to like, comment, and subscribe for more ISACA Productions content.

Modern CTO with Joel Beasley
Fighting Back Against Ransomware with Dan Schiappa, CPO at Sophos

Modern CTO with Joel Beasley

Dec 8, 2021 54:30


Today we're talking to Dan Schiappa, the Chief Product Officer at Sophos. We discuss the rise of the ransomware economy and how we can fight back, the findings from Sophos's 2022 Threat Report, and why it's important to find the right balance between threat detection and prevention in your security strategy. All of this right here, right now, on the ModernCTO Podcast! To learn more about Sophos, check them out at https://www.sophos.com/

Sophos Podcasts
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust

Sophos Podcasts

Nov 11, 2021 31:43


We enjoy the Sophos 2022 Threat Report. The world's {oldest, coolest} continuously maintained browser. Facebook folds up its Face Recognition feature. Crooks combine a new social engineering scam with a new way of packaging malware. Kaseya ransomware suspect busted in Poland. Oh! No! How to block radio communications in a land with no hills.
Original music by Edith Mudge
Got questions/suggestions/stories to share? Email tips@sophos.com
Twitter @NakedSecurity
Instagram @NakedSecurity