Tag: detection
-
Why Zscaler’s Acquisition of Red Canary Matters to Your Cybersecurity Strategy
One of the most talked-about developments in cybersecurity this month is Zscaler’s acquisition of Red Canary, a move that highlights a larger industry trend: the growing demand for unified, automated security platforms that accelerate threat detection and response. But what does this really mean for security teams looking to stay ahead of ransomware, advanced threats,…
-
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Malicious code in ML models is hard to detect: While Hugging Face hosts models directly, PyPI hosts Python software packages, so detection of poisoned models hidden inside Pickle files hidden inside packages could prove even harder for developers and PyPI’s maintainers, given the extra layer of obfuscation.The attack campaign discovered by ReversingLabs involved three packages:…
-
Tenable Bolsters AI Controls With Apex Security Acquisition
Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse. Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.…
-
CISA’s New SIEM Guidance Tackles Visibility and Blind Spots
US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response. The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers. First seen on govinfosecurity.com Jump to…
-
Threat Actors Exploit Nifty[.]com Infrastructure in Sophisticated Phishing Attack
Threat actors have orchestrated a multi-wave phishing campaign between April and May 2025, leveraging the legitimate infrastructure of Nifty[.]com, a prominent Japanese Internet Service Provider (ISP), to execute their attacks. Uncovered by Raven, a leading threat detection entity, this operation stands out due to its ability to evade conventional email security systems by abusing trusted…
-
Scientists Use AI Chatbots to Carry Encrypted Messages Undetectable by Cybersecurity Systems
The world has a long history of hiding messages in plain sight. My own crude attempts as a kid included hours spent inserting code words and number sequences into notes and messages to avoid detection by parents, teachers and other kids. And occasionally whipping out my Batman decoder ring to figure out messages being hidden..…
-
Attackers are mapping your attack surface”, are you?
Attackers are mapping your infrastructure before you even realize what’s exposed. Sprocket ASM flips the script, giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/attackers-are-mapping-your-attack-surface-are-you/
-
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet.The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable.While the DOS header makes the executable file…
-
Unmasking ECH: Why DNSthe-Root-of-Trust Holds the Key to Secure Connectivity
Encrypted Client Hello (ECH) has been in the news a lot lately. For some background and relevant and recent content, see: IETF Proposed Standard Cloudflare Blog from 2023 announcing ECH support RSA 2025 talk: ECH: Hello to Enhanced Privacy or Goodbye to Visibility? Corrata White Paper “Living with ECH” Security Now podcast coverage of the…
-
New Browser Exploit Technique Undermines Phishing Detection
Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/browser-exploit-technique/
-
How Red Canary Acquisition Will Fortify Zscaler’s MDR Muscle
Zscaler Aims for SOC Leadership With Enhanced Visibility Across Endpoints and Cloud. By acquiring Denver-based startup Red Canary, cloud security stalwart Zscaler adds deep MDR functionality and aims to unify detection workflows across its customer environments using insights from its massive transaction volume, identity analytics and Red Canary’s advanced threat-hunting service. First seen on govinfosecurity.com…
-
An Enterprise Playbook to Defending Against Volt Typhoon
An identity threat detection approach built on access intelligence is key to identifying and disrupting campaigns like Volt Typhoon. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/an-enterprise-playbook-to-defending-against-volt-typhoon/
-
Zscaler Buys Red Canary to Elevate AI-Driven Threat Response
Red Canary Purchase Aims to Deliver Agentic AI-Powered Security Operations at Scale. Zscaler’s buy of Red Canary will unify its cloud-based security infrastructure with Red Canary’s MDR insights, giving rise to a next-gen SOC built on automation, AI, and rapid detection expertise. The integration will support a proactive SOC experience powered by AI workflows and…
-
Zscaler to Acquire Red Canary, Enhancing AI-Powered Security Operations
Zscaler, Inc. (NASDAQ: ZS), the global leader in cloud security, has announced a definitive agreement to acquire Red Canary, a top Managed Detection and Response (MDR) provider. This strategic move is set to transform security operations by integrating Zscaler’s AI-driven Zero Trust Exchange platform with Red Canary’s advanced threat detection and response capabilities, powered by…
-
Threat Actors Weaponizing DCOM to Harvest Credentials on Windows Systems
Threat actors are now leveraging the often-overlooked Component Object Model (COM) and its distributed counterpart, Distributed Component Object Model (DCOM), to harvest credentials on Windows systems. As traditional red team methods like direct access to the Local Security Authority Subsystem Service (LSASS) face heightened scrutiny from Microsoft’s enhanced defenses and advanced Endpoint Detection and Response…
-
Managed Detection & Response – Wo setzen Unternehmen auf professionelle Cybersecurity-Hilfe?
First seen on security-insider.de Jump to article: www.security-insider.de/cybersecurity-outsourcing-vorteile-herausforderungen-a-00b658697a3ff351ba84515ae306b9ae/
-
CISA Releases Executive Guide on SIEM and SOAR Platforms for Rapid Threat Detection
In today’s rapidly evolving threat landscape, Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms have become foundational to organizational cybersecurity strategies. SIEM platforms collect, centralize, and analyze log data from diverse sources, such as endpoints, servers, cloud services, and network devices, using correlation rules and filters to detect anomalous…
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, toolSwitch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April.In its campaign against NGOs, Void Blizzard sent emails masquerading…
-
Zscaler To Acquire MDR Trailblazer Red Canary
Zscaler’s acquisition of major MDR vendor Red Canary aims to boost Zscaler’s capabilities around threat detection and response, the company announced Tuesday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/zscaler-to-acquire-mdr-trailblazer-red-canary
-
Proficio and Cisco Join Forces to Deliver Managed XDR for RoundClock Threat Detection
First seen on scworld.com Jump to article: www.scworld.com/news/proficio-and-cisco-join-forces-to-deliver-managed-xdr-for-round-the-clock-threat-detection
-
Hackers drop 60 npm bombs in less than two weeks to recon dev machines
Tags: attack, data, detection, email, framework, hacker, malicious, open-source, rce, remote-code-execution, supply-chain, threat, toolThe accounts are now defunct: The first three malicious packages, “e-learning-garena,” “seatalk-rn-leave-calendar,” and “coral-web-be,” were released under the npm accounts bbbb335656, cdsfdfafd1232436437, and sdsds656565, respectively. Since then, all three accounts have gone on to publish twenty malicious packages each.According to Socket, the first package emerged eleven days ago, and the most recent appeared only hours…
-
LimaCharlie Leaps Ahead With Endpoint Protection
The newest extension to LimaCharlie’s SecOps Cloud Platform (SCP) offers users advanced control over Windows endpoint protection at scale. This powerful new capability allows security service providers to easily manage free instances of Microsoft Defender Antivirus (previously Windows Defender) on all Windows endpoints through a single unified interface. Key Capabilities This extension is simple to…
-
Researchers Uncover macOS ‘AppleProcessHub’ Stealer: TTPs and C2 Server Details Revealed
Researchers have identified a novel information-stealing malware dubbed ‘AppleProcessHub,’ designed to infiltrate Apple systems and exfiltrate sensitive user data. This discovery sheds light on an evolving threat landscape where macOS, often considered a secure platform, is increasingly becoming a target for sophisticated adversaries. The malware employs advanced tactics, techniques, and procedures (TTPs) to evade detection…
-
Silver RAT Malware Employs New Anti-Virus Bypass Techniques to Execute Malicious Activities
A newly identified strain of malware, dubbed Silver RAT, has emerged as a significant threat to cybersecurity, leveraging sophisticated anti-virus bypass techniques to infiltrate and compromise Windows-based systems. This remote access trojan (RAT), believed to be crafted by a highly skilled threat actor or group, demonstrates an alarming ability to evade detection by traditional security…