DATE | NAME | Info | CATEG. | WEB |
21.12.24 | Something to Read When You Are On Call and Everyone Else is at the Office Party | Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals. | Cyber blog | Cisco Blog |
21.12.24 | The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight | Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. | Cyber blog | Cisco Blog |
21.12.24 | ESET Research Podcast: Telekopye, again | Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths' | Cyber blog | Eset |
21.12.24 | Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (ep. 9) | ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud | Cyber blog | Eset |
21.12.24 | Cybersecurity is never out-of-office: Protecting your business anytime, anywhere | While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year | Cyber blog | Eset |
21.12.24 | ESET Threat Report H2 2024: Key findings | ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025 | Cyber blog | Eset |
21.12.24 | ESET Threat Report H2 2024 | A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | Eset |
21.12.24 | Black Hat Europe 2024: Hacking a car – or rather, its infotainment system | Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow | Cyber blog | Eset |
21.12.24 | Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization | Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems | Cyber blog | Eset |
21.12.24 | Black Hat Europe 2024: Can AI systems be socially engineered? | Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally? | Cyber blog | Eset |
21.12.24 | How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8) | As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats? | Cyber blog | Eset |
21.12.24 | Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks | Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost | Cyber blog | Eset |
21.12.24 | How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8) | As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats? | Cyber blog | Eset |
21.12.24 | Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks | Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost | Cyber blog | Eset |
21.12.24 | Achieving cybersecurity compliance in 5 steps | Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements | Cyber blog | Eset |
2.11.24 | Talos IR trends Q3 2024: Identity-based operations loom large | Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. | Cyber blog | Cisco Blog |
2.11.24 | Writing a BugSleep C2 server and detecting its traffic with Snort | This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. | Cyber blog | Cisco Blog |
2.11.24 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. | Cyber blog | Cisco Blog |
2.11.24 | Month in security with Tony Anscombe – October 2024 edition | Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories | Cyber blog | Eset |
2.11.24 | How to remove your personal information from Google Search results | Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results. | Cyber blog | Eset |
2.11.24 | Don't become a statistic: Tips to help keep your personal data off the dark web | You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it | Cyber blog | Eset |
2.11.24 | ESET Research Podcast: CosmicBeetle | Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world | Cyber blog | Eset |
2.11.24 | Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7) | “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship | Cyber blog | Eset |
2.11.24 | Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships | The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry | Cyber blog | Eset |
2.11.24 | Cyber insurance, human risk, and the potential for cyber-ratings | Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? | Cyber blog | Eset |
2.11.24 | The complexities of attack attribution – Week in security with Tony Anscombe | Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week | Cyber blog | Eset |
2.11.24 | Cybersecurity Awareness Month needs a radical overhaul – it needs legislation | Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices | Cyber blog | Eset |
2.11.24 | Gamaredon's operations under the microscope – Week in security with Tony Anscombe | ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years | Cyber blog | Eset |
28.9.24 | Cybersecurity Compass: Bridging the Communication Gap | Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach. | Cyber blog | Trend Micro |
21.9.24 | Understanding cyber-incident disclosure | Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help | Cyber blog | Eset |
7.9.24 | The key considerations for cyber insurance: A pragmatic approach | Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options | Cyber blog | Eset |
31.8.24 | The Bug Report - August 2024 Edition | August 2024 Bug Report: Explore seven critical vulnerabilities—Ivanti vTM, Windows CLFS, Apache OFBiz, and more. Stay ahead of the threats, patch now! | Cyber blog | Trelix |
31.8.24 | What kind of summer has it been? | As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern. | Cyber blog | Cisco Blog |
10.8.24 | No symbols? No problem! | This blog will share a tried and tested method for dealing with thousands of unknown functions in a given file to significantly decrease the time spent on analysis while improving accuracy. Once all theory is covered, an instance of the Golang based qBit stealer is analyzed with the demonstrated techniques to show what happens when the theory is put into practice. | Cyber blog | Trelix |
10.8.24 | Resilient Security Requires Mature Cyber Threat Intelligence Capabilities | We recently had the opportunity to support an important industry effort to advance threat intelligence, led by our partners at Intel 471. Trellix, along with 25+ cyber leaders, launched a new maturity model for cyber threat intelligence (CTI). | Cyber blog | Trelix |
10.8.24 | Black Hat USA 2024 recap – Week in security with Tony Anscombe | Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors | Cyber blog | Eset |
10.8.24 | Black Hat USA 2024: All eyes on election security | In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated | Cyber blog | Eset |
10.8.24 | Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies | Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards | Cyber blog | Eset |
10.8.24 | Why tech-savvy leadership is key to cyber insurance readiness | Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage | Cyber blog | Eset |
3.8.24 | Where to find Talos at BlackHat 2024 | This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. | Cyber blog | Cisco Blog |
3.8.24 | The cyberthreat that drives businesses towards cyber risk insurance | Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide | Cyber blog | Eset |
27.7.24 | Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike | On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. | Cyber blog | Trend Micro |
27.7.24 | The Windows Registry Adventure #3: Learning resources | When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. | Cyber blog | Project Zero |
27.7.24 | The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that | Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack." | Cyber blog | Cisco Blog |
27.7.24 | Building cyber-resilience: Lessons learned from the CrowdStrike incident | Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances | Cyber blog | Eset |
20.7.24 | Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike | On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. | Cyber blog | Trend Micro |
20.7.24 | Teaming up with IBM to secure critical SAP workloads | Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers | Cyber blog | Trend Micro |
20.7.24 | Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills | These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity | Cyber blog | Eset |
13.7.24 | Application Security report: 2024 update | Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks... | Cyber blog | Cloudflare |
13.7.24 | Network detection & response: the SOC stress reliever | Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important. | Cyber blog | Trend Micro |
13.7.24 | Checking in on the state of cybersecurity and the Olympics | Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. | Cyber blog | Cisco Blog |
| 29.6.24 | Omdia Report: Trend Disclosed 60% of Vulnerabilities | The latest Omdia Vulnerability Report shows Trend Micro™ Zero Day Initiative™ (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention. | Cyber blog | Trend Micro |
| 29.6.24 | Not Just Another 100% Score: MITRE ENGENUITY ATT&CK | The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. | Cyber blog | Trend Micro |
| 29.6.24 | Tabletop exercises are headed to the next frontier: Space | More on the recent Snowflake breach, MFA bypass techniques and more. | Cyber blog | Cisco Blog |
| 29.6.24 | Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models | At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. | Cyber blog | Project Zero |
| 29.6.24 | The Windows Registry Adventure #3: Learning resources | When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. | Cyber blog | Project Zero |
| 29.6.24 | ESET Threat Report H1 2024 | A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | Eset |
| 29.6.24 | Cyber insurance as part of the cyber threat mitigation strategy | Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies | Cyber blog | Eset |
| 29.6.24 | Buying a VPN? Here’s what to know and look for | VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes | Cyber blog | Eset |
| 29.6.24 | The long-tail costs of a data breach – Week in security with Tony Anscombe | Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents | Cyber blog | Eset |
| 29.6.24 | My health information has been stolen. Now what? | As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records | Cyber blog | Eset |
| 29.6.24 | Hacktivism is evolving – and that could be bad news for organizations everywhere | Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat | Cyber blog | Eset |
| 29.6.24 | Preventative defense tactics in the real world | Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack | Cyber blog | Eset |
1.6.24 | Beyond the buzz: Understanding AI and its role in cybersecurity | A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders | Cyber blog | Eset |
18.5.24 | Rounding up some of the major headlines from RSA | Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. | Cyber blog | Cisco Blog |
11.5.24 | It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe | More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET | Cyber blog | Eset |
| 28.4.24 | Talos IR trends: BEC attacks surge, while weaknesses in MFA persist | Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. | Cyber blog | Cisco Blog |
| 28.4.24 | Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals | Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity | Cyber blog | Eset |
| 13.4.24 | eXotic Visit campaign: Tracing the footprints of Virtual Invaders | ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps | Cyber blog | Eset |
| 13.4.24 | 7 reasons why cybercriminals want your personal data | Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it | Cyber blog | Eset |
| 31.3.24 | Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world | This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity | Cyber blog | Eset |
| 31.3.24 | Cybersecurity starts at home: Help your children stay safe online with open conversations | Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track. | Cyber blog | Eset |
| 23.3.24 | “Pig butchering” is an evolution of a social engineering tactic we’ve seen for years | In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package. | Cyber blog | Cisco Blog |
| 17.3.24 | Threat intelligence explained | Unlocked 403: A cybersecurity podcast | We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats | Cyber blog | Eset |
| 17.3.24 | Election cybersecurity: Protecting the ballot box and building trust in election integrity | What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems? | Cyber blog | Eset |
| 9.3.24 | The 3 most common post-compromise tactics on network infrastructure | We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. | Cyber blog | Cisco Blog |
| 9.3.24 | Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music | The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics. | Cyber blog | Cisco Blog |
| 25.2.24 | 2024’S CYBER BATTLEGROUND UNVEILED: ESCALATING RANSOMWARE EPIDEMIC, THE EVOLUTION OF CYBER WARFARE TACTICS AND STRATEGIC USE OF AI IN DEFENSE – INSIGHTS FROM CHECK POINT’S LATEST SECURITY REPORT | Rising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023. | Cyber blog | Checkpoint |
| 25.2.24 | Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war | A mix of PSYOPs, espionage and … fake Canadian pharmacies! | Cyber blog | Eset |
| 10.2.24 | How are user credentials stolen and used by threat actors? | You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense. | Cyber blog | Cisco Blog |
| 4.2.24 | ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora | An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes | Cyber blog | Eset |
| 4.2.24 | Cyber: The Swiss army knife of tradecraft | In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike | Cyber blog | Eset |
| 4.2.24 | Assessing and mitigating supply chain cybersecurity risks | Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management | Cyber blog | Eset |