Summary: Proofpoint has announced its acquisition of Normalyze, a data security posture management startup, to enhance its capabilities in managing data visibility and control, particularly in the face of human error and complex data ecosystems. This acquisition aims to bolster data protection measures as organizations increasingly adopt cloud, SaaS, and AI technologies.…
Tag: DLP
Short Summary:
The Microsoft Digital Defense Report 2024 reveals a complex global cybersecurity landscape, with over 600 million cyberattacks occurring daily. The report highlights the rise of ransomware, phishing, and identity breaches, as well as the collaboration between cybercrime gangs and nation-state actors. It emphasizes the critical role of AI in both attacks and defenses, urging organizations to adopt proactive, multi-layered strategies to combat these evolving threats.…
Short Summary:
The “Vilsa Stealer” is a newly identified malware discovered on GitHub, known for its efficiency in extracting sensitive data from various applications. It targets browser credentials, crypto wallets, and other personal information, employing advanced techniques to evade detection and maintain persistence on infected systems.…
Meow, a ransomware group that emerged in 2022, has gained attention for its unique operational model and rising victim count. It is often linked to Meow Leaks, which focuses on data exfiltration rather than encryption. The group’s tactics, techniques, and procedures (TTPs) involve phishing, exploitation, and the use of custom scripts for lateral movement.…
Short Summary:
Medusa is a Ransomware-as-a-Service (RaaS) targeting Windows environments, active since June 2021. It gained attention in early 2023 with the launch of its Dedicated Leak Site. Medusa spreads through exploiting vulnerabilities and hijacking accounts, utilizing advanced techniques to evade detection. Security teams are encouraged to validate their defenses against Medusa’s tactics using new tools from AttackIQ.…
The Summer Intelligence Insights report by Securonix Threat Labs highlights significant cyber threats identified over the last three months, including phishing campaigns, cyber-espionage efforts, and ransomware attacks. The report emphasizes the importance of monitoring tactics, techniques, and procedures (TTPs) used by threat actors, along with recommendations for protective measures to mitigate risks.…
Threat Actor: Fortibitch | Fortibitch
Victim: Fortinet | Fortinet
Price: 440GB of data
Exfiltrated Data Type: Limited data related to Fortinet customers
Key Points:
A threat actor named Fortibitch claimed to have stolen 440GB of files from Fortinet’s Microsoft SharePoint server. The breach involved unauthorized access to a third-party cloud-based shared file drive used by Fortinet.…
Threat Actor: Unknown | unknown
Victim: Fortinet | Fortinet
Price: Not disclosed
Exfiltrated Data Type: 440 GB of data
Key Points:
Fortinet, a prominent cybersecurity firm, reportedly suffered a data breach involving 440 GB of data. The data was allegedly made available on an S3 bucket by the threat actor.…
The report by CYFIRMA details the discovery of a sophisticated dropper binary known as BLX Stealer (or XLABB Stealer), designed to steal sensitive information from compromised systems. This malware, actively promoted on platforms like Telegram and Discord, targets credentials, browser data, and cryptocurrency wallets.…
Short Summary:
Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware strain active since June 2021, operating under a Ransomware-as-a-Service (RaaS) model. It primarily targets unsecured MS-SQL servers through dictionary attacks, leveraging PowerShell for payload delivery. The group has been expanding its operations by recruiting affiliates and has been observed using various techniques for data exfiltration and lateral movement within networks.…
Summary: This report analyzes the rising use of data-exfiltration tools, particularly Rclone, by threat actors in cyber incidents, highlighting their capabilities and the implications for organizations. It also provides recommendations for enhancing security measures to mitigate the risks associated with data exfiltration.
Threat Actor: Various threat groups | LockBit, Black Basta, Blacksuit
Victim: Organizations across sectors | US manufacturing sector, UK professional services
Key Point:
Rclone has been identified as the most frequently used data-exfiltration tool, appearing in 57% of incidents investigated by ReliaQuest.…
Threat Actor: NVIDIA | NVIDIA
Victim: Google, Netflix | Google, Netflix
Price: Legal and ethical repercussions
Exfiltrated Data Type: Videos from various sources
Key Points:
NVIDIA has reportedly used copyrighted videos from platforms like YouTube and Netflix for training AI models. The internal communications reveal that employees were instructed to bypass legal restrictions using virtual machines and open-source tools.…
Summary: Security researchers have identified the largest publicly known ransomware payment of $75 million made to the Dark Angels group, highlighting a significant increase in ransomware attacks and the potential for other threat actors to mimic their tactics. The report emphasizes the need for organizations to adopt robust security measures to combat the evolving ransomware landscape.…
Summary: Healthcare organizations are increasingly at risk of exposing sensitive data, with a significant percentage of both publicly and privately shared files containing Personally Identifiable Information (PII). The rise in data breaches within the healthcare sector highlights the urgent need for improved data security measures and data loss prevention (DLP) tools.…
Summary: A recent study by Netskope reveals that over a third of sensitive data shared with GenAI applications is regulated, posing significant risks to businesses, including costly data breaches. Despite the increasing adoption of GenAI, many organizations are lagging in implementing effective data loss prevention (DLP) measures to safeguard sensitive information.…
Cactus is a ransomware strain discovered in March 2023 known for having compromised more than 140 entities as of July 2024.
Cactus typically obtains access to corporate networks by exploiting vulnerabilities in externally facing Virtual Private Network (VPN) software. Once access is secured, the ransomware establishes Command and Control (C2) communications with its operator via Secure Shell (SSH).…
Nefilim is a Ransomware-as-a-Service (RaaS) operation that emerged in March 2020 and is believed to have evolved from the Nemty ransomware family. This attribution is due to the fact that Nefilim arose at the time when Nemty’s operators decided to quit the RaaS business model to concentrate their efforts on more selective attacks with more dedicated resources.…
Summary: The content discusses the use of unsanctioned apps, including AI, by cybersecurity professionals and the risks associated with it.
Threat Actor: N/A
Victim: N/A
Key Point:
73% of cybersecurity professionals have used unsanctioned apps, including AI, in the past year. Most professionals acknowledged data loss, lack of visibility and control, and data breaches as the top risks of using unauthorized tools.…
Summary: This content discusses a data security startup called Odaseva that has raised $54 million to enhance its services.
Threat Actor: N/A
Victim: N/A
Key Point:
A data security startup called Odaseva has raised $54 million in a Series C funding round led by Silver Lake.…
Summary: This content discusses the topic of data security and the funding raised by a data security vendor.
Threat Actor: N/A
Victim: N/A
Key Point:
A data security vendor, led by a former Nutanix and Palo Alto Networks executive, has raised $88 million in funding to develop new solutions.…