- November 28, 2023After the shutdown of its leak site in October, we look at how ransomware group Trigona operated during its period of activity and discuss how enterprises can fortify their defenses against similar threats.
- November 23, 2023As technologies continue to evolve and expand, organizations experience a technological paradox: Their increasing interconnectivity means that they simultaneously become more distributed. Case in point, robust cloud and networking technologies support today’s widespread adoption of hybrid and remote work arrangements, allowing employees all over the globe to work remotely full time or at least part of the time.
- November 21, 2023Kubernetes, also known as K8s, is a very complex open-source platform that requires detailed attention to security. Despite previous efforts to increase its security, Kubernetes remains insecure by default and requires different security tools to protect the cluster.
- November 15, 2023We examine the automotive data ecosystem and take a closer look at privacy and security concerns arising from how data is generated, consumed, and transmitted by connected vehicles.
- November 13, 2023In today’s rapidly evolving digital landscape, the risk of personal and professional data being stolen by nefarious actors looms larger than ever. This report lays bare the stark reality of this threat, with a specific focus on the unequal risks associated with data theft and its subsequent misuse.
- October 31, 2023This report explores the aspects and considerations required to properly perform threat modeling within a Kubernetes environment, a piece of technology that many organizations worldwide rely on and a leading container orchestration platform.
- October 19, 2023We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats.
- October 09, 2023In this entry, we continue delving into an investigation of exposed registries and look at the types of files and information that malicious actors can access and compromise from these.
- October 09, 2023In our research, we demonstrate how easy it is to discover insecure deployments of MQTT, how to identify customers of these insecure deployments, what data is being transmitted, and explore how an attacker can potentially misuse the data or abuse the insecurity of MQTT brokers.