Network Security

The Good | China Spy Handed 4-Year Jail Term Good news for national security this week as the U.S. Department of Justice successfully prosecuted a 59-year-old man for spying on behalf of China. Ping Li, of Wesley Chapel, Florida, was sentenced to four years in prison for conspiring to act as a spy for China’s […]

The Good | DoJ Charges Phobos RaaS Admin & 5 Defendants Running Data Extortion Attacks Russian national, Evgenii Ptitsyn, has been extradited from South Korea to the U.S. to face charges of wire fraud, conspiracy to commit computer fraud, and extortion related to hacking. According to court reports, Ptitsyn provided the Phobos ransomware-as-a-service (RaaS) operation

The widespread adoption of AI introduces unique security considerations. Misconfigurations in AI infrastructure and unsecured APIs can create weaknesses that cybercriminals will exploit. In this blog post, we dive deep into how SentinelOne’s agentless AI Security Posture Management (AI-SPM) solution addresses these challenges by offering AI inventory automation, misconfiguration detection, and attack path analysis to

The Good | Extortionist Sentenced to 10 Years For Cybercrimes Against U.S. Medical Clinics This week, the FBI sentenced Robert Purbeck to 10 years in prison for stealing personal data from over 132,000 individuals across 19 U.S. organizations. Purbeck is also known as “Lifelock” and “Studmaster” online and has been carrying out cybercrimes and extortion

As serverless computing continues to revolutionize the cloud landscape, AWS Lambda has emerged as a pivotal service, offering a Function-as-a-Service (FaaS) model that allows developers to focus solely on code while AWS manages the underlying infrastructure. This shift towards serverless architectures brings new security challenges and considerations that security researchers and professionals must understand and

The Good | Police Seize Infostealer Malware Operations & Charge Suspected Administrator Executing “Operation Magnus”, Dutch National Police this week joined forces with international law enforcement groups to disrupt the network infrastructure for Redline and Meta infostealer malware. Considered popular tools on platforms like Telegram, Redline and Meta are commonly used by attackers to steal

In this blog post, we take the concepts from Climbing The Ladder | Kubernetes Privilege Escalation (Part 1), which examined privilege escalation in Kubernetes environments and the danger of system pods, and now take a deep dive by analyzing an explicit use case. Part 2 of this series explores how a chain of misconfigurations in

The Good | CISA Safety Proposal Set to Protect U.S. Data & Recovery Tool for Mallox Ransomware Published Following President Biden’s Executive Order 14117, signed earlier in the year, CISA has proposed new security measures to prevent adversary nations from accessing sensitive personal and government-related data across the U.S. The proposal is aimed at organizations

Kubernetes (K8s) has become an integral part of cloud-native environments, offering powerful container orchestration capabilities that enable organizations to deploy, manage, and scale applications efficiently. However, as Kubernetes adoption grows, so does its attractiveness as a target for attackers. This is the first Attack post within our new Cloud & Container – Attack & Defend

Last week, researchers at Trend Micro published a report on a macOS malware sample that had credible file locking and data exfiltration capabilities and masqueraded as LockBit ransomware on successful encryption of a user’s files. Until now, ransomware threats for Mac computers had been at best ‘proof of concept’ and at worst entirely incapable of