December Patch Tuesday addressed three zero-day vulnerabilities, including a critical flaw enabling Windows device hijacking. Microsoft urged immediate patching.

CISA reports PRC-backed hackers using BRICKSTORM malware for long-term access to US systems. The bac...

Researchers have discovered an inexpensive, full-featured malware-as-a-service kit combining vulnerability scanning, covert access, and DNS hijacking.

The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.

An Australian law firm recently demonstrated the effectiveness of User and Entity Behavior Analytics (UEBA) in preventing a potential ransomware attack. The firm's UEBA system detected anomalous file access patterns by two employees, triggering alerts due to deviations from established behavioral baselines. Subsequent investigation revealed indicators of lateral movement and privilege escalation attempts, common precursors to ransomware deployment. By intervening before data encryption or exfiltration occurred, the firm successfully neutralized the threat. This incident underscores several critical aspects of modern cybersecurity. First, it validates UEBA's role in detecting insider threats and compromised accounts. UEBA systems leverage machine learning to establish normal behavior patterns, enabling the detection of subtle anomalies that traditional security measures might miss. In this case, the early detection of unusual file access patterns provided the firm with crucial time to investigate and respond. Second, the detection of lateral movement and privilege escalation attempts highlights the importance of monitoring these activities. Lateral movement, where attackers navigate through a network to identify valuable assets, and privilege escalation, where attackers gain elevated access rights, are common tactics in advanced cyber attacks. Detecting these activities early can disrupt the attack chain and prevent more severe incidents, such as ransomware deployment. Third, this incident emphasizes the importance of a robust incident response plan. The law firm's ability to secure the system before any data encryption or exfiltration occurred demonstrates the value of quick and effective response. This proactive approach can mitigate the impact of potential breaches, preventing data loss, financial damage, and reputational harm. For cybersecurity professionals, this case study offers several actionable insights. It reinforces the importance of implementing advanced threat detection technologies like UEBA. It also highlights the need for continuous monitoring and anomaly detection to identify and respond to threats early. Furthermore, it underscores the value of having a well-defined incident response plan that can be executed swiftly and effectively. In conclusion, this incident serves as a compelling example of how advanced threat detection and effective incident response can prevent significant cyber threats. By leveraging technologies like UEBA and maintaining robust incident response capabilities, organizations can better protect themselves against ransomware and other sophisticated cyber attacks.

The critical vulnerability allows attacks to escape the in-memory data store’s Lua sandbox and subsequently execute arbitrary code on the underlying server.

YouTube video by David Bombal

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance...

On your path to improving your digital security, you may encounter bad actors who attempt to undermine your security goals. We call these bad actors adversaries. When an adversary sends an email (or text message or message in an app) or link that looks innocent, but is actually malicious it’s...

Why is Trump so hell-bent on defunding PBS? It’s part of a larger plan — one where he can control not just what we do, b