Global coverage highlighting Mitiga’s role in moving security beyond prevention and defining Zero-Impact Breach Mitigation as the new standard.
October 6, 2025
In a revelation that should concern every security leader, the U.S. Justice Department (DOJ) recently disclosed that over 300 companies, including tech giants and at least one defense contractor, unknowingly hired North Korean operatives posing as remote IT workers.
September 2, 2025
Why AI is the Key to Cloud Cybersecurity: A Conversation with Ofer Maor, CTO of MITIGA
As the US Department of Homeland Security (DHS) warns of retaliatory cyberattacks against the US after bombing Iran’s nuclear infrastructure this weekend, a former Colonel of the IDF’s 8200 Cyber Unit talks cyberwarfare, Iranian hacker groups, and what the US can anticipate as the Israel-Iran conflict continues to evolve.
These collectives carry out not just traditional espionage activities, but also sabotage and disinformation operations targeting the U.S., Israel, and their allies in sectors such as finance, healthcare, energy, and water.
Cloud incident response company Mitiga Security Inc. today launched Helios AI, an artificial intelligence-powered security operations center assistant that helps security operations teams with triage, augmented investigation and accelerated threat remediation across multicloud environments.
Operation Midnight Hammer, the ultra-secret U.S. precision air attack on Iran’s nuclear sites this weekend, was stunning in its sweep and ambition. It was not only the largest strike using B-2 bombers in history but entailed the longest flight involving the fleet since 2001.
Security researchers uncovered multiple flaws in large language models developed by Chinese artificial intelligence company DeepSeek, including in its flagship R1 reasoning application.
It comes as no surprise, sadly, that cybercriminals will attack anyone and any organization as long as there is a profit in it for them, regardless of the impact on human life.
The New York Blood Center (NYBC) experienced a ransomware attack, discovered when suspicious activity was identified on IT systems. In response, the NYBC took specific systems offline and is currently working to restore them.
The New York Blood Center suffered a significant ransomware attack on January 26, 2025. The non-profit blood centre collects donated blood (red cells, platelets and plasma) and uses these to create life-saving products for distribution through hospitals and clinics. Read more: https://www.digitaljournal.com/world/new-york-blood-center-and-the-lessons-from-the-cyberattack/article#ixzz90u20a83I
The New York Blood Center (NYBC) said it suffered a ransomware attack that disrupted operations and forced it to reschedule some operations.
In a playbook move reminiscent of the early days of TikTok’s rise to fame in the US and its backlash from Washington lawmakers, New York state has banned government employees from using the Chinese-owned DeepSeek app over security concerns.
As Microsoft users recover from the news that three zero-day Windows vulnerabilities have been actively exploited, and there has been a surge in Russian cyber espionage attacks against Windows users, there’s more bad news for Microsoft 365 account holders.
Google is always in the news and, sadly, not always for positive reasons as far as security issues are concerned.
Security experts have shared their predictions and insights for the cybersecurity landscape in 2025, highlighting the persistence of existing threats and the emergence of new challenges as technology continues to evolve.
Here are the predictions of cybersecurity experts for 2025. These opinions will allow you to better prepare for this year which will see many challenges to overcome.
IE has so many Predictions for 2025 that there will be a series of features throughout the month. Kicking off with this one which rounds up some insights on cyber risks, data and more. Here we go.
Google's AI-powered fuzzing and augmenting SAST with AI, new OSINT/recon service for public AWS identifiers, finding EDR vulns with fuzzing
Startups offering tools for protecting cloud environments — including security for cloud data, identities and AI systems — are among those that have stood out during the year.
As we unveil the third edition of Information Security Buzz’s 2025 predictions, we are thrilled by the incredible response.
Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.
To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps.
This collection of predictions offers some promising solutions to increasingly complex cyber challenges.
Each week, we’ll be providing a look back at the articles we posted and why they’re important to the healthcare IT community.
In an ideal world, healthcare systems would be fortified against cyberattacks, safeguarding patient data and protecting critical, life-saving operations. Yet, the reality is far from ideal.
Dell has launched an employee data breach investigation after a threat actor identified as “Grep” leaked the company’s stolen information on the dark web marketplace BreachForums.
The group claimed they accessed Disney’s system via a team member’s Slack cookies, using him as an entry point.
Disney leak included data from internal Slack messaging app about customers, staff
Mitiga unveiled its Cloud Managed Detection and Response (MDR) service, designed to provide 24/7 protection against the increasingly complex threats targeting cloud and SaaS environments.
Security Program Controls/Technologies
Need to secure non-human entities, leaky clouds, and complex environments? The companies included in our network security startups to watch series have bold ideas.
Need to secure non-human entities, leaky clouds, and complex environments? These 7 network security startups have bold ideas.
Cloud environments, including software-as-a-service tools, could be easily compromised by threat actors due to defense challenges brought upon by the shared responsibility model, as well as inadequate visibility and overall client control, according to SC Media.
Cloud Security, Incident Response, Network Security, Black Hat
Small businesses are increasingly being targeted by cyberattackers. Why, then, are security features priced at a premium?
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment
Mitiga, an AWS validated software path partner that offers cloud threat detection, investigation and response experts for cloud and SaaS, has appointed Amir Gabrieli as VP of product. Gabrieli’s career spans over two decades in cloud and cybersecurity; he will lead Mitiga’s product development roadmap and implementation.
EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases.
Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.
Early-stage vendors focused on protecting data and GenAI usage in the cloud are among the year’s most notable cloud security startups.
Let log analysis be the guide for your Kubernetes security safari.
A massive cyberattack against AT&T exposed data from "nearly all" of its customers and downloaded it to a third-party cloud platform, AT&T said in a press release.
The best strategy to defend against ransomware attacks is a proactive one. So, the more you understand the stages of an attack, the more capable you will be at preventing them.
A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.
Protesting Disney’s use of crypto, pushing AI-generated art and/or stealing from artists.
After a ransomware strike on a national sales management network cost U.S. car dealerships $1 billion, hackers published data stolen from Disney's messaging channels on Slack--without even seeking a payout.
'Phishing hole' attacks are particularly dangerous during Prime Day, experts warned
Assigning responsibility for missing security controls is tricky. The burden is collective but cloud providers need to raise minimum standards, experts say.
This podcast episode discusses the recent attacks against Snowflake customers and a controversial report that claimed the cloud storage and analytics giant had been breached.
According to new threat research, Mandiant is reporting that UNC5537 conducted attacks against Snowflake database customers at least as early as April 14.
The recent Snowflake debacle highlights the need for more stringent enterprise MFA practices
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users.
“We are confident that Amir's leadership and industry knowledge will be instrumental in meeting customer demands in today’s ever-evolving cyber landscape,” said Co-Founder and CTO Ofer Maor.
Multi-factor authentication is a gold standard for cybersecurity that organizations can use to better shield users from threats. Cybersecurity experts say Snowflake's lack of MFA enforcement leaves a gap.
Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials.
Snowflake denies breach, Santander and Ticketmaster confirm data theft, Hudson Rock deletes report
A threat actor tracked as UNC5537 is using stolen credentials against Snowflake database customers to conduct data theft and extortion attacks, cloud security firm Mitiga said.
Hackers are targeting cloud storage platform Snowflake to steal data from enterprise customers.
Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be uncovered.
Cyber authorities and researchers warn many major companies could be compromised by the targeted attacks against Snowflake customer environments.
Snowflake CISO Brad Jones hit back at claims the Ticketmaster and Santander data breaches were caused by platform vulnerabilities
Snowflake on Saturday issued a joint statement with third-party investigators Mandiant and CrowdStrike denying reports that its platform had been breached.
Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models.
Subtly tamper with GHA builds, repo with offense-focused Rust PoCs, how to prioritize a detection backlog
In an arena of thousands of cybersecurity vendors, there is a decent share of incremental innovation and products that are features.
Each year, RSA Conference invites cybersecurity’s boldest new innovators to compete in RSAC Innovation Sandbox, a contest that puts the spotlight on startups with potentially game-changing ideas.
Expert Insights breaks down the Innovation Sandbox finalists at RSAC 2024.
Mitiga — a finalist in this year’s RSAC Innovation Sandbox — provides capabilities for “advanced” visibility, threat detection, investigation and response in cloud and SaaS deployments. The offering ultimately enables customers to address cloud threats “70 times faster than traditional capabilities,” the company said. Mitiga has raised $45 million in total funding led by ClearSky Security.
In the span of just a few years, software supply chain security has evolved from being a niche security topic to a top priority for development organizations, security practitioners and CISOs alike. That shift is evident when you take a peek at the schedule for this year’s RSA Conference in San Francisco, where talks related to software supply chain cyber risk abound.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.
Today organizations have a large part of their environment outside of their control. They have authentication, email, data, code—some organizations have the majority of their most important assets in cloud and SaaS applications. And yet the security team does not have effective tooling to investigate across this surface.
In this conversation, we discuss: 👉 How Mitiga addresses security gaps in cloud environments 👉 The importance of simplifying complex security operations data for faster response times 👉 Emerging trends in cybersecurity threats for 2024 and how companies should prepare
In this episode, we delve into proactive cybersecurity and best practices for modern businesses with Ariel Parnes, co-founder of Mitiga and former head of the Israeli intelligence service's cyber department. With over two decades in IT and cybersecurity, Ariel brings unparalleled insights into cyber warfare and its implications for today's business environment.
The opening of the annual RSA Conference in San Francisco on Monday brought together MSSPs, MSPs, vendors and subject matter experts for a three-day event featuring new products, services and ideas representing the latest innovations and thought leadership from across the cybersecurity industry.
The practice of cybersecurity is ever-changing, marked by a continual dance between the attackers and the defenders. Each side is in a constant state of adaptation, reacting to the strategies of the other. The ongoing evolution of ransomware cybercrime is a prime illustration of this dynamic.
The Cybersecurity and Infrastructure Security Agency (CISA) urged Sisense's customers to reset passwords and other credentials that may have been exposed to or used to access Sisense's services and to report any suspicious activity.
AI, cybersecurity, digital transformation. These trends have been major themes over the past several years, but IT departments need to remain on top of what’s changing, why, and how.
Microsoft confirms that Russian state-sponsored hackers, known as Midnight Blizzard, infiltrated their systems and stole source code. Experts warn of potential zero-day vulnerabilities.
As news on an alleged Russian hack against Microsoft continues to unfold — with the latest reports revealing that Microsoft has not yet been able to shake down the Russian-linked criminal group Midnight Blizzard (also known as Nobelium) — experts weigh in on the consequences of the attack.
While the medical field embraces innovation, discovering AI solutions that have the potential to enhance diagnosis, administration, and drug development, there are consistently new threats — a primary target for ransomware gangs and cybercriminals.
The Russian state-sponsored advanced persistent threat (APT) group known as Midnight Blizzard has nabbed Microsoft source code after accessing internal repositories and systems, as part of an ongoing series of attacks by a very sophisticated adversary.
UnitedHealth Group recently announced that an associated technological unit (Change Healthcare) faced a cyberattack from the Blackcat ransomware group.
The ALPHV/BlackCat ransomware group’s operations seem to have halted amid allegations of defrauding an affiliate involved in the Optum attack, which targeted the Change Healthcare platform, resulting in a loss of $22m.
Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. In recent years, as the popularity of this approach has increased, the number of cyberattacks and data breaches has similarly increased.
The volume of cybersecurity transactions increased in 2023 compared to 2022, but the total amount of funding decreased significantly.
As we navigate the complex terrain of modern cybersecurity, the emergence of psychological warfare tactics in cyber-attacks is becoming a critical concern.
A set of unique conditions has set the stage for the perfect storm, leaving more than 7 out of 10 Chief Information Security Officers (CISOs) thinking it might be time for a job change.
Cloud protection and backup trends in 2024 are evolving rapidly, influenced significantly by technological advancements and the changing needs of organizations. This evolution is evident in the adoption of various innovative security measures and strategies in response to the increasing complexities of cyber threats, particularly in cloud environments.
Cloud security predictions for 2024 include a retreat from the public cloud, a whirlwind of new software-as-a-service (SaaS) risks and a shift from the rush to build application protocol interfaces (API) to mitigating associated risks.
Experts warn that zero-day flaws will be exploited at mass scale, while the adoption of AI technology will lead to a rise in advanced social engineering attacks.
Hewlett Packard Enterprise (HPE) recently filed a mandatory SEC disclosure indicating that Russian hackers breached its cloud email environment, and that the incident was possibly linked to a prior internal email security breach that took place in 2023.
Cloud incident response company Mitiga Security Inc. today released a new cybersecurity solution that provides instant clarity on all multicloud and software-as-a-service activities through a single pane of glass.
It is well understood by enterprises that a cyberattack isn’t a matter of “if,” it is a matter of, “when.” Since the dawn of the internet, cybersecurity has largely focused on threat prevention, but with cyberattacks continuing to grow in both frequency and sophistication, there is a renewed emphasis on incident response and remediation.
Mitiga researchers found that the AWS SSM agent could be hijacked and turned into a remote access trojan that is difficult to detect.
Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System Manager (SSM) agent as an undetectable Remote Access Trojan (RAT).