This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On February 16, 2024

Monday 2/12

CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks (CrowdStrike)

As Microsoft Azure continues to gain market share in the cloud infrastructure space, it has garnered attention from adversaries ranging from hacktivist and eCrime threat actors to nation-state adversaries. Recent attacks on Microsoft by cloud-focused threat actors like COZY BEAR are becoming more frequent and garnering huge attention.

https://www.crowdstrike.com/blog/crowdstrike-defends-against-azure-cross-tenant-synchronization-attacks/

Citrix LTSR: Plan, Upgrade, Succeed! – Part 2 (Citrix)

It is important for 1912 LTSR customers to begin prepping for an upgrade, as 1912 goes EOL in Dec 2024. Citrix previously announced that our new LTSR will be coming early 2024, which means it’s time to start planning your upgrade!

https://www.citrix.com/blogs/2024/02/05/citrix-ltsr-plan-upgrade-succeed-part-2/

Tuesday 2/13

“Go back inside before you catch a cold” ft. Bryon Singh

https://www.gothamtg.com/blog/go-back-inside-before-you-catch-a-cold

Bumblebee Buzzes Back in Black (Proofpoint)

Proofpoint researchers identified the return of Bumblebee malware to the cybercriminal threat landscape on 8 February 2024 after a four-month absence from Proofpoint threat data. Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. 

https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black

Elevating Cloud Security With Well-Architected Practices (CyberArk)

An integrated identity security strategy, enforcing least privilege and enabling Zero Trust, is the best line of defense against attacks in today’s threat landscape.

https://www.cyberark.com/resources/blog/elevating-cloud-security-with-well-architected-practices

Wednesday 2/14

January 2024’s Most Wanted Malware: Major VexTrio Broker Operation Uncovered and Lockbit3 Tops the Ransomware Threats (Check Point)

Researchers uncovered a large cyber threat distributor known as VexTrio, which serves as a major traffic broker for cybercriminals to distribute malicious content. Meanwhile, LockBit3 topped the list of active ransomware groups and Education was the most impacted industry worldwide.

https://blog.checkpoint.com/research/january-2024s-most-wanted-malware-major-vextrio-broker-operation-uncovered-and-lockbit3-tops-the-ransomware-threats/

How to Use Context-Based Authentication to Improve Security (HYPR)

One of the biggest security weak points for organizations involves their authentication processes. According to Google Cloud’s 2023 Threat Horizons Report, 86% of breaches involve stolen credentials.

https://blog.hypr.com/context-based-authentication-to-improve-security

Thursday 2/15

AI and Enterprise IT: How to Embrace Change without Disruption (Pure Storage)

AI may be a newer application, but its principles aren’t unfamiliar: the desire for faster decision-making based on the data a company has accumulated. However, what enterprises are building for AI is unlike anything they’ve built in the past.

https://blog.purestorage.com/perspectives/ai-and-enterprise-it-how-to-embrace-change-w-out-disruption/

Surge in “hunter-killer” malware poses significant challenge to security teams (CSO Online)

Cybercriminals are changing their tactics in response to the much-improved security of the average business and the wide use of tools offering more advanced capabilities to detect threats.

https://www.csoonline.com/article/1307744/surge-in-hunter-killer-malware-poses-significant-challenge-to-security-teams.html

Friday 2/16

An End to ESXi Free and Perpetual Licensing

Recent developments from Broadcom regarding VMware's offerings have sparked significant discussions within our organization and our client base. As we dive deeper into these changes, I thought I would write this blog post to discuss two recent changes that I have been asked about and their potential impacts.

https://www.gothamtg.com/blog/an-end-to-esxi-free-and-perpetual-licensing

Understanding Identity Threat Detection and Response (Arctic Wolf)

With the rise of hybrid work models, cloud computing, and rapid digitization in industries like healthcare and manufacturing, it’s a user’s identity that holds increasing power over a network’s function and security.

https://arcticwolf.com/resources/blog/understanding-identity-threat-detection-and-response/

Defining Incident Response Terminology (Axonius)

Each of these terms represents a different stage in understanding and responding to a potential threat. Highlighting and documenting the differences between these stages is critical for building a security operations function.

https://www.axonius.com/blog/defining-incident-response-terminology