RansomwareActive adversary dwell time: The good (and bad) newsWhy dwell times -- defined as when an attack starts and when it is detected – have declined.
Network SecurityStrelaStealer malware hits more than 100 EU and US organizationsSecurity pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.
RansomwareConnectWise ScreenConnect attacks deliver malwareMultiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environments.
Data SecurityIs Cozy Bear targeting Western political parties with phishing attacks?Google Mandiant says APT29 targeted German politicians and is a threat to Western political parties.
RansomwareFighting active adversaries: The need for dynamic defensesHow to gain the insights necessary to change security policies as active adversaries persist.
RansomwareLockBit: Lessons learned on winning the war on cybercrimeMaking sense of the ransomware-group takedown -- what it means for ransomware and law enforcement
Vulnerability ManagementRobots, UDP, GoFetch, DCs, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More – SWN #371Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News.
RansomwareTakedowns spark affiliate bidding war among ransomware gangsAfter authorities disrupted LockBit and ALPHV/BlackCat, smaller extortion groups are scrambling to recruit their former affiliates.
MalwareQakbot mechanizes distribution of malicious OneNote notebooksA large-scale "QakNote" attack deploys malicious .one files as a novel infection vector
RansomwareAdversarial evolution: How defenders must also evolveTo effectively respond, organizations must have an adaptable security posture.
Threat predictions for 2024: Chained AI and CaaS operations give attackers more ‘easy’ buttons than everSponsored by FortinetNovember 22, 2023
Watch: FBI encourages reporting of cyber incidents, backs legislationStephen WeigandDecember 23, 2021
The Change Healthcare attack points out the real need to modernize healthcare cybersecurityMorgan Wright March 20, 2024
Congress must understand that there’s no patient safety without strong cybersecurity Toby Gouker March 13, 2024