Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways

Launch of Blue Mantis Protect: Blue Mantis introduces a managed cybersecurity solution aimed at midsized enterprises, combining AI-driven threat detection with expert cybersecurity support.

Tailored for Midmarket Needs: Designed for organizations lacking robust internal security, this service offers enterprise-grade protection through a subscription model, minimizing the need for extensive capital and staffing.

Comprehensive 24/7 Managed Defense: The solution includes round-the-clock monitoring, dark web surveillance, and nine modular services, allowing businesses to adopt a proactive rather than reactive security approach.

Unified and Usable Security: Blue Mantis Protect streamlines security operations, addressing issues like tool sprawl and alert fatigue, effectively…


Essential Insights

The Akira ransomware group is exploiting a year-old SonicWall vulnerability (CVE-2024-40766) and gaining access through SSLVPN Default Users Group and Virtual Office Portal misconfigurations to conduct attacks.

The CVE-2024-40766 flaw, rated with a CVSS score of 9.3, allows unauthorized resource access and firewall crashes, with exploitation observed shortly after SonicWall's August 2024 advisory.

Rapid7 warns that Akira may be using a combination of the vulnerability, default user group exploitation, and an accessible Virtual Office Portal to penetrate networks and deploy ransomware.

Organizations are urged to patch SonicWall devices urgently, update passwords, enable MFA, and restrict access to mitigate…


Quick Takeaways

Leadership Appointment: HUB Cyber Security Ltd. names Romke E. de Haan III as Head of Cybersecurity Strategy and Innovation to spearhead North American expansion.

DDoS Protection Expansion: Corero Network Security partners with Nextwave to extend its DDoS protection services to Thailand, addressing growing resilience needs in Southeast Asia.

AI-Enhanced Security: Coro's new platform version simplifies cybersecurity for small and midsize businesses, easing operational burdens with a unified, AI-powered solution.

Cybersecurity for SMBs: CrowdStrike collaborates with Amazon Business Prime, offering free access to its award-winning Falcon Go cybersecurity platform for SMB members, enhancing security at no cost.

Key Developments…


Essential Insights

Ukrainian criminal Volodymyr Tymoshchuk orchestrated multiple ransomware operations (LockerGoga, MegaCortex, Nefilim) between 2018 and 2021, targeting over 250 US victims and causing millions in damages.

International law enforcement recovered decryption keys in 2022, helping victims avoid data encryption and mitigating ransomware damage.

Tymoshchuk faces charges including conspiracy, computer damage, and threats, with the U.S. offering up to $11 million in rewards for information leading to his arrest or conviction.

His ransomware schemes involved recruiting affiliates, demanding ransom shares, and threatening to leak data, highlighting the global scale and sophistication of his cybercriminal operations.

What's the Problem?

The U.S. Department of…


Summary Points

Acquisition Announcement: Mitsubishi Electric Corp. has agreed to acquire cybersecurity firm Nozomi Networks for approximately $1 billion, marking a significant investment in the industrial cybersecurity sector.

Independent Operation: Post-acquisition, Nozomi Networks will operate as a wholly owned subsidiary of Mitsubishi Electric while maintaining its independence.

Strategic Focus: The acquisition aims to enhance OT security within the IoT landscape, aligning with Mitsubishi Electric's ongoing digital transformation efforts in manufacturing and social infrastructure.

Future Developments: The deal is projected to close by Q4 2025, with Nozomi retaining its headquarters in San Francisco and R&D facilities in Switzerland.

Strategic Move in…


Summary Points

U.S. Senator Ron Wyden is urging the FTC to investigate Microsoft for cybersecurity negligence that facilitated ransomware attacks on critical infrastructure, notably healthcare networks like Ascension.

The 2023 Ascension breach, caused by a contractor clicking a malicious link and exploiting insecure default settings, involved the Black Basta ransomware group and affected 5.6 million individuals.

The attack leveraged Kerberoasting techniques exploiting outdated RC4 encryption, which Microsoft plans to deprecate but which remains enabled by default, exposing vulnerabilities due to weak passwords and default configurations.

Wyden criticizes Microsoft's support for insecure protocols and inadequate password enforcement, emphasizing systemic risks in enterprise…


Top Highlights

Critical DNS Vulnerability: Researchers from ADAMnetworks have identified a major security risk in DNS TXT records, where attackers use these records to encode and distribute malware, evading traditional security measures.

Evasive Malware Techniques: Attackers are exploiting the versatility of TXT records for malware assembly, command-and-control (C2) communications, and data exfiltration, posing significant threats to organizations.

Detection Challenges: The abuse of DNS traffic remains a blind spot in cybersecurity, especially with the rise of encrypted DNS protocols, making it difficult for standard detection systems to identify malicious content.

Proactive Mitigation Strategies: Experts recommend a targeted "block all, allow some"…


Top Highlights

The UK's National Cyber Security Centre emphasizes the need to prioritize maintaining critical services during cyberattacks over just protecting data, citing recent incidents like the 2021 Irish healthcare attack.

Recent major disruptions include a suspected ransomware attack on Jaguar Land Rover, which led to production halts and data theft, with hackers linked to retail cybercrime groups.

Richard Horne, NCSC CEO, highlighted the increasing importance of ensuring business and service continuity amid evolving cyber threats, marking his first speech at the Washington summit since 2024.

The UK collaborates closely with US authorities, having issued advisories on Chinese tech companies…


Top Highlights

Innovative Funding: AegisAI, a cybersecurity startup, secured $13 million in seed funding led by Accel and Foundation Capital to enhance its autonomous email security platform against phishing and malware.

AI-Powered Defense: The startup leverages autonomous AI agents to eliminate email threats in real time, reducing false positives by up to 90%, compared to traditional security systems.

Founders' Expertise: Founded by ex-Google Safe Browsing leaders, the team brings extensive experience in email security, addressing the growing sophistication of AI-powered cyber attacks.

Seamless Integration: AegisAI's platform integrates with Microsoft 365 and Google Workspace, providing zero-configuration operation, continuous learning from threats,…


Top Highlights

Persistent Vulnerability: Approximately six months after a fix was released for a zero-click vulnerability in Apple CarPlay (CVE-2025-24132), few vendors and no car manufacturers have implemented the necessary patches.

Ease of Exploitation: Attackers can exploit this vulnerability through simple USB or Bluetooth connections, often with no user interaction required, posing a significant risk of unauthorized access to vehicle systems.

Serious Implications: The vulnerability allows for remote code execution with root privileges, enabling potential misuse such as tracking driver locations, eavesdropping, or creating distractions while driving.

Challenges in Patching: The automotive industry struggles with patch implementation due to slow…
