Aggregator
KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet
Joint advisory on Russian cyber campaign targeting logistics providers and IT companies
DragonForce targets rivals in a play for dominance
Stronger Cloud Security in Five: How DSPM Helps You Discover, Classify and Secure All Your Data Assets
In this fourth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we turn our attention to securing cloud data, a complex endeavor as data grows exponentially and threats become more sophisticated. Check out five DSPM best practices to sharpen your cloud data security and compliance.
As the volume of data stored and processed in your cloud environments grows, so does the complexity of protecting it from cyber thieves and of complying with strict regulations.
While on-premises data centers offer a more controlled environment, data generated in the cloud can be less structured and is often stored in a more diverse array of repositories, increasing the risk that it will be improperly secured.
As GigaOm Analyst Paul Stringfellow tells us, cloud repositories are often deployed outside of normal controls due to their ease of use and their perceived low cost.
“Often, they are used for specific tasks and then discarded and forgotten by original project owners,” he writes. “This leads to shadow data repositories that exist outside of established data storage and security controls.”
The solution? Data security posture management (DSPM) systems, which offer unified visibility of all your cloud data — even if your organization uses multiple cloud service providers (CSPs) — along with other data protection capabilities.
“A key element of data resilience is understanding where sensitive data stores are located and what is inside them. You can't secure something you don't know about, and DSPM helps identify and categorize data stores,” Enterprise Strategy Group Analyst Todd Thiemann indicates.
At Tenable, we believe a key element for securing your cloud data is to have your DSPM tool integrated as part of a comprehensive cloud native application protection platform (CNAPP).
Combining DSPM functionality with other CNAPP components gives you holistic cloud security that also includes protection for workloads, identities and more, as Tenable Senior Product Marketing Managers Diane Benjuya and Lior Zatlavi explain.
“In light of the massive increase in data-related breaches – and their cost – integrating DSPM in CNAPP is essential to reduce risk. It also simplifies security efforts, improves compliance and ensures that data security is an integral part of your overall security strategy,” they write.
Below we unpack five DSPM best practices that are key for securing your data across your multi-cloud environment.
1 - Continuously discover and classify cloud data
You need to have full, continuously updated visibility into all your data — including AI models, cloud workloads and storage buckets. It’s particularly important to detect unknown “shadow data” that is generated and stored without the knowledge of the IT and security teams. In fact, IBM’s “Cost of a Data Breach Report 2024” found that “shadow data” stored in unmanaged data sources were involved in 35% of all data breaches.
All data assets must be assigned risk-severity levels based on their sensitivity, as well as be organized into categories, such as confidential company data and customer personal information.
When this data visibility is combined with other CNAPP functions, such as cloud security posture management (CSPM), organizations can pinpoint security gaps, toxic combinations and potential breach impacts, as well as prioritize necessary prevention and mitigation measures.
2 - Proactively prevent data breaches
It’s critical to leverage advanced analytics and flag suspicious activity that could lead to data breaches. With these actionable insights and recommendations, your team is empowered to stay a step ahead of attackers by proactively investigating and addressing these risk scenarios.
For example, integrating DSPM with your CNAPP’s cloud infrastructure entitlements management (CIEM) alerts you to anomalous behavior from human or machine identities that might endanger the security of sensitive cloud data. With these insights, you can take the appropriate corrective action and block a potential attack path by, say, reducing or entirely revoking a suspicious identity’s data access.
3 - Streamline comprehensive regulatory compliance
The number of data privacy and data security laws, regulations, industry mandates, internal policies and voluntary frameworks increases with each passing year, making compliance a daunting challenge.
To stay on top of all these data-protection rules and requirements, you need to continuously assess your data-security compliance posture by automating the processes of:
- discovering and classifying cloud data;
- enforcing your data-protection policies;
- addressing violations like unauthorized access with step-by-step remediation guidance;
- and generating detailed, audit-ready compliance reports.
Here again, a CNAPP-integrated DSPM not only automates these processes but also offers invaluable, context-rich insights into the threats to your cloud data that put you at risk of non-compliance, including vulnerabilities, misconfigurations and overprivileged identities.
4 - Conduct fast, precise incident response
If a data breach happens, time is of the essence. You need to respond quickly and decisively. With the context-rich analytics provided by your DSPM, your security team is better able to:
- Assess the scope of the breach
- Pinpoint its cause
- Flag the compromised data
- Prioritize remediation
- Contain the breach
To get this expansive visibility and understanding of a data breach, it’s key for your DSPM to perform a comprehensive analysis – leveraging its CNAPP integration – that takes into account the full context of the incident, since your data protection posture can’t be assessed in a vacuum. As we learned from Verizon’s “2025 Data Breach Investigations Report” (DBIR), data thieves use a variety of attack methods — particularly their preferred ones: compromising credentials and exploiting vulnerabilities.
5 - Bake data security into your cloud growth
As your multi-cloud deployment inevitably grows, data security and compliance must be at the heart of your environment’s expansion. In this growth scenario, a CNAPP-integrated DSPM empowers your security team to build data-protection organically into these efforts in a number of key ways, including by:
- Having complete, continuously updated visibility of cloud data and its risks
- Providing context-rich insights into the data security posture of the mapped data stores, including configurations and identity permissions
- Categorizing data assets’ sensitivity
- Identifying which human and machine identities have access to cloud data
- Helping prioritize issues and prescribing actionable, concrete remediation steps
Find out how you can take action to boost your cloud security in just five minutes.
Learn more:
- "Stronger Cloud Security in Five: The Importance of Cloud Configuration Security"
- "Stronger Cloud Security in Five: How To Protect Your Cloud Workloads"
- "Stronger Cloud Security in Five: Securing Your Cloud Identities"
The post Cloud Data Protection: How DSPM Helps You Discover, Classify and Secure All Your Data Assets appeared first on Security Boulevard.
Bringing connections into view: real-time BGP route visibility on Cloudflare Radar
Google's video generation model Veo 3 can synchronize audio
HTB CAPE: The hands-on certification for mastering Active Directory exploitation
Anchore SBOM tracks software supply chain issues
Anchore announced the next phase of its SBOM strategy with the release of Anchore SBOM. With the addition of Anchore SBOM, Anchore Enterprise now provides a centralized platform for viewing, managing and analyzing Software Bill of Materials (SBOMs), including the capability of “Bringing Your Own SBOMs”. Organizations can now gain comprehensive visibility into the software components present in both their internally developed and third-party supplied software to identify and mitigate security and compliance risks. Driven …
The post Anchore SBOM tracks software supply chain issues appeared first on Help Net Security.
PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections
PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication. The issue, tracked as CVE-2025-30193, was patched in version 1.9.10 released on May 20, 2025. Security researchers warn that organizations using DNSdist should apply this update […]
The post PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
VanHelsing Ransomware Builder Exposed on Hacker Forums
The cybersecurity landscape reveals that the VanHelsing ransomware operation has experienced a significant security breach with its source code being leaked publicly. According to security researchers, this leak occurred after an internal dispute with a former developer who attempted to monetize the code before it was released freely by the ransomware operators. The leaked materials […]
The post VanHelsing Ransomware Builder Exposed on Hacker Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Microsoft introduces NLWeb, an open protocol that turns ordinary websites into smart chatbots
Swabs from the Tiangong space station reveal an unknown bacterial species
IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials
According to IBM X-Force’s 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks, exploiting valid login credentials to breach systems. This alarming trend, continuing for the second consecutive year, highlights a shift in threat actor strategies, moving away from traditional brute-force methods to stealthier, more persistent tactics. Attackers are increasingly leveraging sophisticated tools, […]
The post IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims
How Private Investigators Handle Digital Forensics?
Relics of the Past
Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies.
This advisory details a Russian state-sponsored cyber espionage-oriented campaign targeting technology companies and logistics entities, including those involved in the coordination, transport, and delivery of foreign assistance to Ukraine.
Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165 cyber actors are using a mix of previously disclosed tactics, techniques, and procedures (TTPs) and are likely connected to these actors’ widescale targeting of IP cameras in Ukraine and bordering NATO nations.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise, and posture network defenses with a presumption of targeting. For more information on Russian state-sponsored threat actor activity, see CISA’s Russia Cyber Threat Overview and Advisories page.
Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware
Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors.
This advisory details the tactics, techniques, and procedures, and indicators of compromise (IOCs) linked to threat actors deploying LummaC2 malware. This malware poses a serious threat, capable of infiltrating networks and exfiltrating sensitive information, to vulnerable individuals’ and organizations’ computer networks across U.S. critical infrastructure sectors.
As recently as May 2025, threat actors have been observed using LummaC2 malware, underscoring the ongoing threat. The advisory includes IOCs tied to infections from November 2023 through May 2025. Organizations are strongly urged to review the advisory and implement the recommended mitigations to reduce exposure and impact.