In the current digital age, cloud malware threats pose a serious risk to businesses of all sizes. Companies are shifting rapidly to cloud-based infrastructure for agility and scalability. However, cybercriminals are also evolving. They’re now targeting these systems with malware tailored to exploit cloud vulnerabilities. As a result, security leaders must adopt smarter, faster, and more flexible defense strategies.

Notably, cloud malware thrives on interconnectivity. Once it enters the system—often through misconfigured settings—it spreads laterally. It uses shared resources and APIs to jump from one service to another. This can lead to severe data breaches and major disruptions. On average, recovery from a cloud malware incident can cost upwards of $4.5 million. Moreover, it affects trust, damages brand image, and often leads to compliance issues.

Although the threat is real, businesses can fight back effectively. The key is awareness, automation, and accountability.

Strategic Measures to Defend Against Cloud Malware Threats

To fight cloud malware threats, businesses must take layered action. First and foremost, automated threat detection tools help identify unusual activity. They also isolate infected resources quickly. This reduces the spread and gives security teams time to act. Because cloud systems work in real time, automated protection becomes essential.

Equally important, training staff remains a strong line of defense. Employees who understand social engineering risks can spot phishing attempts earlier. That awareness helps block entry points before attackers exploit them. Over time, a well-trained team becomes your first firewall.

Moreover, understanding cloud responsibility is vital. Cloud vendors secure infrastructure, but your business must protect its own data. That includes monitoring access, encrypting data, and controlling user privileges. If you overlook this, cloud malware will find an opening. Therefore, both sides must play their role fully.

To sum up, cloud malware threats are here to stay—but they’re not unbeatable. With vigilant teams, clear security policies, and automated tools, companies can stay ahead of attackers. Focus on proactive steps and build a culture where security is everyone’s business.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: cybersecuritynews.com

As cyber threats continue to evolve, Microsoft has responded proactively by expanding access to its cloud-based logging tools.
This initiative, known as Microsoft Expanded Cloud Logs, provides organizations with greater visibility into their cloud environments.
Now, detailed logs are available for critical services like Exchange, SharePoint, and Microsoft Teams.
With these comprehensive logs, security teams can efficiently track both user and admin activity.
Consequently, they can identify suspicious behavior more quickly and take action to address threats in real-time.

Previously, these advanced logging features were only available to premium-tier service plans.
However, Microsoft has now extended these features to standard-tier customers at no additional cost.
As a result, more businesses—particularly smaller organizations—can benefit from enhanced security insights.
The updated logs include more than 30 new types of data, such as email activity, file access, and internal searches.
These improvements enable security teams to identify potential risks that may have otherwise gone unnoticed.

This expansion is part of a larger push within the industry for greater transparency in cloud security.
By making these powerful tools available to more users, Microsoft strengthens the overall cybersecurity foundation for its clients.

Microsoft Expanded Cloud Logs and Practical Implementation Support

To ensure the success of the expanded logging tools, Microsoft collaborated with the Cybersecurity and Infrastructure Security Agency (CISA).
Their joint goal was to create a solution that works effectively for organizations of all sizes, from small startups to large enterprises.
In addition, CISA released a detailed Implementation Playbook to help users properly set up and leverage the new logs.

The playbook provides clear, step-by-step instructions for integrating the logs into existing systems.
Moreover, it includes support for popular platforms like Microsoft Sentinel and Splunk.
By following these guidelines, IT teams can quickly move from visibility to action with less effort.
With the correct configuration, security teams can streamline threat detection processes, reduce investigation time, and improve overall response accuracy.

In conclusion, the Microsoft Expanded Cloud Logs initiative marks a significant leap forward in cloud security.
It not only enhances data access but also provides users with clear guidance on how to use these tools effectively.
In today’s ever-changing and complex threat landscape, having this level of visibility is not just helpful—it is crucial for maintaining robust cybersecurity.

Stay informed about the latest developments in cybersecurity. Explore more insights at SOC News.

News Source: solutionsreview.com

Datadog has officially raised its 2025 revenue forecast, driven by a strong first-quarter performance and surging demand for artificial intelligence and cloud-based security solutions. The company, known for its cloud monitoring and analytics tools, now expects annual revenue to reach between $3.22 billion and $3.24 billion—up from its previous guidance of $3.18 billion to $3.20 billion. This boost in outlook reflects not only solid sales but also growing interest in Datadog’s expanding suite of AI-enabled products.

In Q1, Datadog posted $761.6 million in revenue, marking a 25% increase compared to the same period last year. The results easily beat Wall Street estimates, which stood at $741.5 million. The company also reported adjusted earnings per share of 46 cents, exceeding analyst expectations of 43 cents. Notably, Datadog saw a 13% year-over-year increase in high-spending customers, with more than 3,770 clients now contributing over $100,000 in annual recurring revenue—a strong signal of long-term enterprise commitment.

CEO Olivier Pomel attributed the growth to new feature rollouts, such as App Builder and On-Call, as well as steady demand for advanced security capabilities. Datadog is also deepening its investment in artificial intelligence through strategic moves like the recent acquisition of Eppo, a feature flagging and experimentation platform. This acquisition strengthens Datadog’s analytics infrastructure, enabling customers to deploy AI-powered experiments faster and more securely.

As AI continues to reshape enterprise operations, Datadog is positioning itself at the center of that transformation. The company’s focus on scalable, secure, and integrated tools is resonating with IT leaders navigating complex cloud environments. This improved forecast is more than a numbers bump—it’s a sign of confidence in Datadog’s vision and its growing role in the future of enterprise tech.

News Source: finance.yahoo.com

For deeper analysis and ongoing coverage of Datadog’s growth and the tech earnings landscape, visit SOC News.

Website owners using the OttoKit WordPress plugin, formerly known as SureTriggers, are being urged to take immediate action due to a serious security flaw. The OttoKit WordPress plugin vulnerability has put over 100,000 websites at risk. Two major flaws, tracked as CVE-2025-27007 and CVE-2025-3102, allow attackers to gain admin-level access without needing to log in. This means hackers can hijack sites, add rogue accounts, and take control of critical settings with little effort.

The first vulnerability (CVE-2025-27007) is tied to how the plugin connects to WordPress installations that don’t use application passwords. Without this basic layer of protection, it becomes easier for an attacker to exploit the system. The second flaw (CVE-2025-3102), which has been under active attack since April 2025, lets threat actors create new admin accounts—giving them full access without raising alarms.

Researchers have already seen scans and exploitation attempts in the wild. Hackers are actively hunting down sites that haven’t been updated, hoping to slip through these cracks before they’re patched. Unfortunately, many website owners may not be aware their site is at risk—especially if they haven’t updated plugins recently or rely on auto-installs that miss patch notes.

If you’re running OttoKit, the best thing you can do right now is update to version 1.0.83. This release fixes both vulnerabilities and stops attackers from using these specific entry points. Delaying even a few days can leave your site wide open, especially with exploits now circulating publicly.

Cybersecurity experts are calling this a high-priority issue for WordPress users. The longer these flaws stay unpatched, the more likely it is that sites will be compromised. Don’t wait for damage to happen—take action today.
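Because the flaws described above let an attacker create administrator accounts, a site owner who has just patched still needs to check whether any such accounts already exist. The following is an added example, not code from the OttoKit project or the news source: it audits rows pulled from WordPress's `wp_users` table joined to each user's `wp_capabilities` meta value (the `wp_` table prefix is the default and may differ per install) and lists administrators registered in a given window that the owner does not recognise. The rows are constructed for the example, and the April 2025 cut-off is taken from the article's statement about when exploitation began.

```python
"""Audit WordPress users for administrator accounts created in a window.

Added example, not from the OttoKit project or the news source. The rows are
constructed; in practice they come from wp_users joined to the wp_capabilities
row of wp_usermeta (the 'wp_' prefix is the default and may differ).
"""
import re
from datetime import datetime

# Constructed rows shaped like the result of:
#   SELECT u.ID, u.user_login, u.user_registered, m.meta_value
#   FROM wp_users u JOIN wp_usermeta m
#     ON m.user_id = u.ID AND m.meta_key = 'wp_capabilities'
SAMPLE_ROWS = [
    {"ID": 1, "user_login": "siteowner", "user_registered": "2022-03-14 09:12:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 7, "user_login": "editor_jane", "user_registered": "2025-04-20 11:02:00",
     "wp_capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"ID": 42, "user_login": "wp_sys_update", "user_registered": "2025-04-28 03:41:17",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 43, "user_login": "ops_admin", "user_registered": "2025-04-29 15:00:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

# WordPress stores roles as a PHP-serialized array: {s:<len>:"<role>";b:1;}
ROLE_TRUE_RE = re.compile(r's:(\d+):"([^"]*)";b:1;')


def roles_from_capabilities(serialized):
    """Return the role names set to true in a serialized wp_capabilities value.

    Entries whose declared string length does not match the role name are
    dropped; that mismatch indicates a hand-edited or corrupted value.
    """
    return {name for length, name in ROLE_TRUE_RE.findall(serialized)
            if int(length) == len(name)}


def admins_created_since(rows, since, expected_admins=()):
    """Administrator logins registered on or after `since` (YYYY-MM-DD) that
    are not in the set of administrators the site owner expects to exist."""
    since_dt = datetime.strptime(since, "%Y-%m-%d")
    found = []
    for row in rows:
        if "administrator" not in roles_from_capabilities(row["wp_capabilities"]):
            continue
        if row["user_login"] in expected_admins:
            continue
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= since_dt:
            found.append(row["user_login"])
    return found


if __name__ == "__main__":
    # April 2025 is when the article says exploitation of CVE-2025-3102 began.
    for login in admins_created_since(SAMPLE_ROWS, "2025-04-01",
                                      expected_admins={"siteowner", "ops_admin"}):
        print("review this administrator account:", login)
```

Treat a hit as a prompt for investigation rather than proof of compromise, and keep in mind that `user_registered` is ordinary table data: an intruder with database access can backdate it, so the check complements, rather than replaces, reviewing the web server's access logs around the date of the patch.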

News Source: thehackernews.com

Don’t wait for a breach. For expert updates on WordPress plugin flaws, visit SOC News Today.

Cybersecurity officials in the United States have issued a serious warning about ongoing threats to Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems—especially those in the oil and gas sector. Agencies including CISA (Cybersecurity and Infrastructure Security Agency), the FBI, the EPA, and the Department of Energy have come together to alert operators about a new wave of cyberattacks. The concern? Hackers are targeting these systems with methods that are surprisingly simple, yet extremely dangerous.

The attackers aren’t using highly sophisticated techniques. Instead, they are exploiting common weaknesses—like default login credentials that were never changed, or remote access systems that aren’t properly secured. These might sound like minor oversights, but in critical infrastructure, the consequences are huge. A successful attack could lead to defaced systems, complete shutdowns of essential services, or even damage to physical equipment that costs millions to replace.

What makes this threat more alarming is how avoidable it is. Agencies are encouraging organizations to take immediate and practical action to secure their systems. One of the first recommendations is disconnecting Operational Technology (OT) systems from the public internet. Public exposure creates unnecessary risk, especially when the systems control things like oil pipelines or refinery operations.

Strong password management is another major step. Using complex, unique passwords—and avoiding default or reused credentials—is crucial. In addition, remote access should only be allowed through secure, private networks. Where remote access is necessary, it should always be protected with phishing-resistant multi-factor authentication.

Another key point is segmentation. ICS and SCADA systems should be separated from the main IT networks using secure demilitarized zones (DMZs). This helps contain any breaches and limits an attacker’s ability to move through connected systems. Organizations should also prepare for the worst by maintaining manual operation capabilities in case digital systems are compromised.

These steps may seem basic, but they are often overlooked. As cybersecurity threats increase, especially in critical sectors like oil and gas, there is no room for neglect. This advisory is a strong reminder that protecting ICS SCADA systems is not optional—it’s a priority.

News Source: cybersecuritynews.com

For deeper coverage on ICS SCADA systems cybersecurity and expert insights on infrastructure threats, visit SOC News.

U.S. prosecutors in recent days won an extradition case to bring a suspected cybercriminal from Spain to the United States and may be able to get another suspect shipped from the UK to face charges in an unrelated hacking case.

Artem Stryzhak, a Ukrainian citizen arrested in Spain last year for launching a series of ransomware attacks against organizations in the United States, Canada, and Australia that cost victims millions of dollars in ransom payments and damage to their systems, was extradited from Spain earlier this month to face a range of crimes, according to the U.S. Justice Department.

Stryzhak is accused of using the Nefilim ransomware in the attacks, striking a deal in 2021 with administrators of the ransomware-as-a-service (RaaS) operation to use its malware in return for 20% of what he collected through ransom payments.

“He operated the ransomware through his account on the online Nefilim platform, known as the ‘panel,’” the DOJ wrote in announcing his extradition from Spain. “When he first obtained access to the panel, Stryzhak asked a co‑conspirator whether he should choose a different username from the one he used in other criminal activities in case the panel ‘gets hacked into by the feds.’”

Big Targets

Stryzhak and his unnamed co-conspirators targeted organizations that had more than $100 million in annual revenue, using online databases to get data about their targets like net worth, size, and contact information. In July 2021, a Nefilim administrator was encouraged to go bigger and attack companies with more than $200 million in yearly revenue, prosecutors said.

In keeping with Nefilim tactics, he would run double-extortion campaigns, not only encrypting victims’ data but also exfiltrating it and threatening to publicly expose the data on public leak sites if a ransom wasn’t paid.

In the partially redacted indictment against Stryzhak, prosecutors wrote that affiliates using the Nefilim ransomware “typically customized the ransomware executable file … for each ransomware victim. The customization allowed the ransomware actors to create a decryption key that could only decrypt the network of the specific victim against which the ransomware was deployed and allowed ransomware actors to create customized ransom notes.”

A Range of Victims

Victims who paid the ransom usually got a decryption key in return to restore their data, prosecutors wrote. Those victims included companies in such industries as engineering, aviation, chemicals, construction, and oil and gas. There was also an international eyewear firm and a pet care organization that were targeted in the attacks, they wrote.

“The criminals who carry out these malicious cyber-attacks often do so from abroad in the belief that American justice cannot reach them,” John Durham, U.S. attorney for the Eastern District of New York, said in a statement, adding that the extradition and charges filed against Stryzhak “prove that they are wrong.”

Stryzhak is charged with conspiracy to commit fraud, extortion, and other crimes.

Hacking-for-Hire Alleged

Earlier in the same week, an English judge reportedly cleared the path for an Israeli private investigator accused by U.S. prosecutors of running an elaborate “hacking-for-hire” campaign against climate activists and environmental groups.

The DOJ has charged Amit Forlit with conspiracy to commit computer hacking, conspiracy to commit wire fraud, and wire fraud, alleging he was hired by a lobbying group that represented oil-and-gas giant ExxonMobil, among other companies. The hacking campaign, almost a decade ago, was designed to discredit environmentalist organizations and leaders that were pursuing climate change lawsuits in the United States. Those lawsuits claimed that fossil fuel companies had for decades misled the public about the threats of a warming planet, such as more extreme storms and flooding due to rising ocean levels.

According to The New York Times, prosecutors are alleging that the 57-year-old Forlit – who ran two investigation companies in Israel and a third in the United States – hacked more than 100 victims and stole confidential information at the request of the lobbying and consulting firm, an effort that earned him at least $16 million.

Officials with ExxonMobil and the lobbying group, DCI Group, denied involvement in any hacking campaigns.

Big Oil vs. Climate Activists

Forlit was arrested in London months after an associate, Aviram Azari – another Israeli private detective – pleaded guilty to such charges as conspiracy and wire fraud. According to NPR, a DOJ affidavit filed in the extradition case outlined how the operation allegedly worked, with a D.C. lobbying firm telling Forlit which people and organizations to target and Forlit or a co-conspirator giving the list to Azari.

Azari then allegedly hired the hackers who targeted the activists and firms, with the lobbying firm then allegedly sharing private documents obtained via the hacking with the oil company. The private documents would then find their way into media reports and were then used in court filings to push back against the lawsuits.

Forlit reportedly has two weeks to appeal the British court’s ruling.

The Union of Concerned Scientists was among those targeted, as was the head of the Rockefeller Family Fund, the New York Times reported.

Stay updated with SOC News for cutting-edge security innovations and expert industry insights! 

Source: https://securityboulevard.com/2025/05/u-s-wins-one-maybe-two-extradition-petitions-in-unrelated-cases/

Tech Edge hosted a fireside chat on April 29 at RSAC 2025 in San Francisco with Corey Still, Vice President of Strategic Alliances at Corero Network Security. Editor-in-Chief John Jannarone joined the in-person interview, and the two discussed, among other topics, which technological breakthroughs in cybersecurity will have the most significant impact in the next two years.

About Corey Still

Corey Still is the Vice President of Strategic Alliances with Corero Network Security. In this role, he is responsible for forging and nurturing strategic partnerships to enhance Corero’s market presence and drive growth. Corey leverages his extensive industry experience in order to identify and capitalize on opportunities for collaboration, ensuring mutual success for Corero and its partners across the globe.  

Previously, Corey was the Director of Cyber Security and Software Defined Wide Area Network (SDWAN) Practices with Bell Business Markets. There, he led the security and SDWAN product teams, which were responsible for the Professional Service and Managed Services products and services delivered to the market. He and his team established strategic direction, development, and support for offerings across all layers of a customer’s infrastructure, including endpoint, on premise, network, mobility, and cloud. 

About Corero Network Security

Corero Network Security is a leading provider of DDoS protection solutions, specializing in automatic detection and protection solutions with network visibility, analytics, and reporting tools. Corero’s technology protects against external and internal DDoS threats in complex edge and subscriber environments, ensuring internet service availability. With operational centers in Marlborough, Massachusetts, USA, and Edinburgh, UK, Corero is headquartered in London and listed on the London Stock Exchange’s AIM market (ticker: CNS) and the US OTCQX Market (OTCQX: DDOSF).  

Source: https://tech.yahoo.com/cybersecurity/articles/future-breakthroughs-corero-network-security-204012144.html

CUJO AI, the leading provider of AI-driven cybersecurity and network intelligence solutions for network service providers (NSPs), has won the Next Gen Cybersecurity Visionary award from Cyber Defense Magazine (CDM), the industry’s leading information security publication. The award was announced during the RSA Conference 2025 (RSAC).

The awards are judged by certified security experts (CISSP, FMDHS, CEH), who independently evaluate each submission. CDM prioritizes innovation over company size or revenue, seeking out next-generation InfoSec solutions that push the boundaries of cybersecurity.

“We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cybercrime. CUJO AI is absolutely worthy of this coveted award and consideration for deployment in your environment,” said Yan Ross, Global Editor of Cyber Defense Magazine.

With a global clientele comprising major network operators, CUJO AI understands the unique challenges of securing connected devices. Its innovative solutions are tailored to provide comprehensive protection for IoT environments, ensuring the integrity and resilience of entire network infrastructures.

“We’re proud to be recognized among the best in cybersecurity,” said Remko Vos, CEO of CUJO AI. “Being evaluated by leading InfoSec experts from around the globe means only the most proven solutions are celebrated — and we’re thrilled to be among them.”

About CUJO AI

CUJO AI enables network service providers to understand, serve, and protect consumers with advanced cybersecurity and granular network and device intelligence. CUJO AI’s advanced AI algorithms help NSPs uncover previously unavailable insights to raise the bar for customer experience and retention with new value propositions and improved operations. Fully compliant with all privacy regulations, CUJO AI services are trusted by the largest broadband operators worldwide, including Comcast, Charter Communications, T-Mobile USA, Deutsche Telekom, TELUS, Sky Italia, Sky UK, Rogers, Cox, Shaw, Videotron, BT and EE.

Source: https://www.prnewswire.com/news-releases/cujo-ai-named-cybersecurity-visionary-at-rsac-2025-302446893.html

Trend Micro has introduced new AI-powered threat detection capabilities aimed at enterprises scaling up their AI operations.

The new solution has been developed to protect AI-driven workloads and enterprise business processes, managing risks associated with the transition from generative AI to agentic AI, such as data theft, sabotage, and operational disruption.

Trend Micro’s latest offering brings together its security expertise with NVIDIA’s accelerated computing and AI enterprise software, while deploying on AWS’s secure, cloud-native infrastructure. The integration is intended to enable real-time, scalable threat detection and protection for organisations with expanding AI footprints.

The AI Detection Model at the core of this development leverages the NVIDIA Morpheus AI framework, which is part of NVIDIA AI Enterprise. The detection model operates on the high-performance cloud environment provided by AWS, allowing rapid and precise analysis of vast enterprise data streams.

According to Trend Micro, AWS was selected for its global reach, integrated security, and compliance-oriented architecture, while NVIDIA’s technology contributes the computational capacity necessary for running advanced detection models with high efficiency.

Chris Grusz, Managing Director, Technology Partnerships for AWS, said, “Built on AWS’s cloud-native infrastructure, Trend’s platform takes full advantage of NVIDIA AI software and accelerated computing capabilities to power scalable, low-latency threat detection. With AWS’s global footprint and integrated services, Trend can securely process telemetry at scale, adapt detection models to evolving threats, and support customers worldwide—all while accelerating time to value.”

The wider Trend Vision One platform also integrates AWS AI services, including Amazon Bedrock, which supports Workbench Insights. These components are designed to improve investigation workflows and deliver additional context to security operations centre (SOC) teams during incident response situations.

Mick McCluney, ANZ Field CTO at Trend, commented, “AI is reshaping the enterprise, and security has to evolve just as fast. We’re bringing together best-in-class partners in both cloud and AI to deliver something truly differentiated. AWS’s secure and resilient infrastructure gives us the scale, performance, and global availability needed to meet the always-on demands of today’s enterprises. So our customers can detect and respond to threats faster, with confidence.”

The anomaly detection capability within the solution employs AI models based on NVIDIA Morpheus. This allows the system to identify novel patterns in large streams of telemetry data and logs. The implementation on AWS enables the platform to scale effectively, managing extensive datasets and rapidly building custom detection models for individual customers. This approach seeks to prioritise the most critical events and prompt faster security responses.

Key features of the technology include NVIDIA Morpheus Digital Fingerprinting, which identifies subtle, previously unknown anomalies. There is also the use of NVIDIA RAPIDS to expedite large-scale data classification, enhancing real-time detection and prevention of sensitive information leaks. The platform’s native operation on AWS allows it to leverage the elasticity, global reach, and inherent security of AWS services, supporting ongoing advancements in AI-enabled detection while meeting enterprise compliance and performance benchmarks.

Robert Miller, VP of Corporate Security at Sierra-Cedar, highlighted the practical benefits of the solution: “We’re dealing with an increasingly complex environment with more data. Trend stands out as it doesn’t just provide threat intelligence, it helps make sense of it. Our team can access Trend’s AI-powered platform directly via AWS Marketplace, streamlining procurement and deployment across global cloud environments. This powerful combination allows us to strengthen our security posture and identify threats much faster than we could manually.”

The introduction of these new AI-powered threat detection capabilities is positioned to address the rapidly evolving landscape of enterprise cybersecurity as organisations integrate artificial intelligence deeper into their operations.

Source: https://securitybrief.com.au/story/trend-micro-launches-ai-threat-detection-for-enterprise-security

Living-off-the-land attacks are rising fast. Learn why they work — and how tailored hardening helps stop them without disrupting your business.

Living-off-the-land (LotL) attacks — where adversaries exploit legitimate system tools to carry out malicious activities — are becoming increasingly prevalent and sophisticated. Bitdefender’s internal threat analysis reveals that nearly 70% of successful cyberattacks utilize LotL techniques.

What’s driving this surge? An overreliance on detection, an unnecessarily large attack surface at nearly every organization, and a failure of traditional application control and attack surface reduction rules. You might call it a living-off-the-land trifecta.

Leaked Threat Actor Chats: We Live Off the Land

When someone leaked communications from the Black Basta ransomware group, it revealed the group’s LotL strategy. One of the group’s leaders shared: “If we use standard utilities, we won’t be detected… we never drop tools on machines.”

In other words, instead of the noisy attacks of the past, they leverage your legitimate tools and applications to secretly go deeper into your environment, most often leveraging this access for ransomware and data exfiltration.

These attacks are popular for four main reasons. They leverage what’s already there, so threat actors can avoid investing in tools of their own. They also cover all stages of an attack, from initial reconnaissance to lateral movement, data exfiltration, and even data encryption. And many of these tools are flexible, so threat actors can adapt them to their needs.

And perhaps the biggest advantage of LotL attacks is the ability to blend seamlessly with normal system activity. By using legitimate tools, attackers bypass legacy security solutions that rely on detecting suspicious custom tools and behavior.

Attack Surfaces and Failed Controls

For years now, IT and security teams have tried to minimize their attack surface by using allow lists. While they reduce attack surfaces somewhat, these tools often miss key preinstalled binaries and utilities, and they impair productivity or add overhead for IT teams when deployed on any system other than fixed-function devices. As with attack surface reduction rules, modern environments evolve so rapidly that keeping up with changes and exceptions becomes overwhelming for administrative teams.

This is why attackers now celebrate that they can expect to find legitimate tools to abuse and remain hidden in their victims’ environments. To avoid slowing down business, organizations have invested in improving their detection and response capabilities to be able to discover and stop attackers that attempt to blend in using trusted tools. However, even the best security operations teams struggle to differentiate between legitimate tool usage by employees and attacker activity, which can give attackers the time they need to achieve their goals.
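The two problems raised above, allow lists that miss preinstalled utilities and analysts who cannot tell employee use of a tool from attacker use, share one remedy: learn which built-in utilities each host and account actually uses, then treat first-time use as a signal and never-used utilities as candidates for host-specific restriction. The following is an added example, not Bitdefender's or Dark Reading's code, that does both over process-execution telemetry. The event fields, the set of utilities to baseline, and the sample events are all constructed assumptions; in a real deployment the events would come from the endpoint agent and the utility list would be tailored to the environment.

```python
"""Baseline built-in utility use per host and user, then flag first-seen use.

Added example (not Bitdefender's or Dark Reading's code). Event fields, the
utility list and the sample events are all constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime     # process start time
    host: str        # endpoint the process ran on
    user: str        # account that launched it
    image: str       # executable file name, lower-case


# Built-in utilities to baseline: tools present on every host that allow
# lists rarely cover. Illustrative set; tailor it to the environment.
BUILTIN_UTILITIES = frozenset({
    "powershell.exe", "wmic.exe", "certutil.exe", "bitsadmin.exe", "rundll32.exe",
})


def build_baseline(events, window_end, days=30):
    """(host, user, image) triples for utility runs inside the learning window."""
    start = window_end - timedelta(days=days)
    return {
        (e.host, e.user, e.image)
        for e in events
        if start <= e.ts < window_end and e.image in BUILTIN_UTILITIES
    }


def flag_new_usage(events, baseline, window_end):
    """Utility runs after the window with no history for that host/user/tool."""
    return [
        e for e in events
        if e.ts >= window_end
        and e.image in BUILTIN_UTILITIES
        and (e.host, e.user, e.image) not in baseline
    ]


def unused_utilities_per_host(events, window_end, days=30):
    """Per host, the built-in utilities never executed in the window.

    These are the candidates for host-specific restriction: removing them
    costs no observed workflow, which is what tailored hardening is after.
    """
    start = window_end - timedelta(days=days)
    seen = {}
    for e in events:
        if start <= e.ts < window_end:
            used = seen.setdefault(e.host, set())  # register every active host
            if e.image in BUILTIN_UTILITIES:
                used.add(e.image)
    return {host: BUILTIN_UTILITIES - used for host, used in seen.items()}


def sample_events():
    """Constructed telemetry: a learning month (April) then new activity (May)."""
    d = datetime
    return [
        ProcEvent(d(2025, 4, 3, 9, 0), "ws01", "alice", "powershell.exe"),
        ProcEvent(d(2025, 4, 10, 14, 30), "ws01", "alice", "powershell.exe"),
        ProcEvent(d(2025, 4, 15, 8, 5), "ws01", "alice", "outlook.exe"),
        ProcEvent(d(2025, 4, 5, 2, 0), "srv01", "svc_backup", "powershell.exe"),
        ProcEvent(d(2025, 4, 12, 11, 45), "ws02", "bob", "wmic.exe"),
        ProcEvent(d(2025, 5, 2, 9, 10), "ws01", "alice", "powershell.exe"),     # known
        ProcEvent(d(2025, 5, 3, 13, 20), "ws02", "bob", "certutil.exe"),        # first seen
        ProcEvent(d(2025, 5, 3, 13, 25), "ws01", "alice", "wmic.exe"),          # first seen
        ProcEvent(d(2025, 5, 4, 2, 0), "srv01", "svc_backup", "powershell.exe"),  # known
    ]


def run_example(window_end=datetime(2025, 5, 1)):
    """Return (first-seen utility runs, per-host restriction candidates)."""
    events = sample_events()
    baseline = build_baseline(events, window_end)
    return (flag_new_usage(events, baseline, window_end),
            unused_utilities_per_host(events, window_end))


if __name__ == "__main__":
    flagged, candidates = run_example()
    for e in flagged:
        print(f"first-seen: {e.ts:%Y-%m-%d %H:%M} {e.host} {e.user} {e.image}")
    for host, utils in sorted(candidates.items()):
        print(f"{host}: restrict {sorted(utils)}")
```

The first-seen list is a triage queue, not a verdict: the analyst still confirms whether the account had a reason to run the tool. The restriction candidates are the more durable output, because a utility that no account on a host touched in a month can be blocked on that host with little chance of the productivity impact the article attributes to blanket allow lists.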

Source: https://www.darkreading.com/endpoint-security/lotl-attacks-new-defensive-strategy