In what security experts are describing as a “distributed crisis,” a staggering 90% of cybersecurity and IT leaders worldwide reported experiencing cyberattacks targeting their cloud environments within the past year.
This alarming statistic emerges from comprehensive research conducted across ten countries, highlighting the increasing vulnerability of organizations as they transition from on-premises systems to hybrid cloud infrastructures.
The study, which surveyed more than 1,600 IT and security leaders, reveals that despite increased investment in cloud security, threat actors continue to find success in breaching these environments.
The nature of cloud-targeted attacks has evolved dramatically, with adversaries shifting away from traditional malware-based approaches toward more sophisticated identity-based intrusion methods.
According to the research, malware-free activity now accounts for 79% of all detected intrusions, a significant increase from just 40% in 2019.
This paradigm shift reflects attackers’ adaptation to modern enterprise environments, where they increasingly exploit valid credentials, engage in hands-on-keyboard intrusions, and deploy social engineering tactics to bypass conventional security measures.
The impact of these breaches has been severe, with 86% of organizations that experienced ransomware attacks ultimately paying the demanded ransom to recover their data or halt the attack.
Even more concerning, 74% of victims reported that attackers were able to harm backup and recovery options, effectively eliminating safety nets designed to mitigate such incidents.
Rubrik Zero Labs researchers identified a particularly troubling trend in their analysis: the dramatic reduction in “breakout time” – the period between initial compromise and lateral movement across systems.
“In 2024, the average breakout time for interactive eCrime intrusions fell to 48 minutes, down from 62 minutes in 2023,” noted security analysts.
“Alarmingly, the fastest breakout was recorded at just 51 seconds, meaning defenders may have less than a minute to detect and respond before attackers establish deeper control.”
The Rise of Identity-Based Attack Vectors
The report provides detailed insight into how identity-based attacks have become the preferred method for cloud environment infiltration.
Rather than breaking in through security vulnerabilities, attackers are simply logging in using compromised credentials.
This approach proves particularly effective in cloud and SaaS environments where traditional perimeter defenses offer limited protection.
Valid account abuse was responsible for 35% of cloud-related incidents, reflecting attackers’ growing focus on identity compromise as a gateway to broader enterprise environments.
Microsoft’s security telemetry supports this finding, revealing that they block over 600 million identity-based attacks daily.
These attacks typically begin with credential harvesting through phishing campaigns or purchase of stolen credentials from access brokers, whose activity surged by nearly 50% compared to the previous year.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source: https://cybersecuritynews.com/cybersecurity-leaders-encountered-cyberattacks/
If you’re building with AI, or trying to defend against the less savoury side of the technology, Meta just dropped new Llama security tools.
The improved security tools for the Llama AI models arrive alongside fresh resources from Meta designed to help cybersecurity teams harness AI for defence. It’s all part of their push to make developing and using AI a bit safer for everyone involved.
Developers working with the Llama family of models now have some upgraded kit to play with. You can grab these latest Llama Protection tools directly from Meta’s own Llama Protections page, or find them where many developers live: Hugging Face and GitHub.
First up is Llama Guard 4. Think of it as an evolution of Meta’s customisable safety filter for AI. The big news here is that it’s now multimodal so it can understand and apply safety rules not just to text, but to images as well. That’s crucial as AI applications get more visual. This new version is also being baked into Meta’s brand-new Llama API, which is currently in a limited preview.
Then there’s LlamaFirewall. This is a new piece of the puzzle from Meta, designed to act like a security control centre for AI systems. It helps manage different safety models working together and hooks into Meta’s other protection tools. Its job? To spot and block the kind of risks that keep AI developers up at night – things like clever ‘prompt injection’ attacks designed to trick the AI, potentially dodgy code generation, or risky behaviour from AI plug-ins.
Meta has also given its Llama Prompt Guard a tune-up. The main Prompt Guard 2 (86M) model is now better at sniffing out those pesky jailbreak attempts and prompt injections. More interestingly, perhaps, is the introduction of Prompt Guard 2 22M.
Prompt Guard 2 22M is a much smaller, nippier version. Meta reckons it can slash latency and compute costs by up to 75% compared to the bigger model, without sacrificing too much detection power. For anyone needing faster responses or working on tighter budgets, that’s a welcome addition.
But Meta isn’t just focusing on the AI builders; they’re also looking at the cyber defenders on the front lines of digital security. They’ve heard the calls for better AI-powered tools to help in the fight against cyberattacks, and they’re sharing some updates aimed at just that.
The CyberSec Eval 4 benchmark suite has been updated. This open-source toolkit helps organisations figure out how good AI systems actually are at security tasks. This latest version includes two new tools:
- CyberSOC Eval: Built with the help of cybersecurity experts CrowdStrike, this framework specifically measures how well AI performs in a real Security Operations Centre (SOC) environment. It’s designed to give a clearer picture of AI’s effectiveness in threat detection and response. The benchmark itself is coming soon.
- AutoPatchBench: This benchmark tests how good Llama and other AIs are at automatically finding and fixing security holes in code before the bad guys can exploit them.
To help get these kinds of tools into the hands of those who need them, Meta is kicking off the Llama Defenders Program. This seems to be about giving partner companies and developers special access to a mix of AI solutions – some open-source, some early-access, some perhaps proprietary – all geared towards different security challenges.
As part of this, Meta is sharing an AI security tool they use internally: the Automated Sensitive Doc Classification Tool. It automatically slaps security labels on documents inside an organisation. Why? To stop sensitive info from walking out the door, or to prevent it from being accidentally fed into an AI system (like in RAG setups) where it could be leaked.
They’re also tackling the problem of fake audio generated by AI, which is increasingly used in scams. The Llama Generated Audio Detector and Llama Audio Watermark Detector are being shared with partners to help them spot AI-generated voices in potential phishing calls or fraud attempts. Companies like ZenDesk, Bell Canada, and AT&T are already lined up to integrate these.
Finally, Meta gave a sneak peek at something potentially huge for user privacy: Private Processing. This is new tech they’re working on for WhatsApp. The idea is to let AI do helpful things like summarise your unread messages or help you draft replies, but without Meta or WhatsApp being able to read the content of those messages.
Meta is being quite open about the security side, even publishing their threat model and inviting security researchers to poke holes in the architecture before it ever goes live. It’s a sign they know they need to get the privacy aspect right.
Overall, it’s a broad set of AI security announcements from Meta. They’re clearly trying to put serious muscle behind securing the AI they build, while also giving the wider tech community better tools to build safely and defend effectively.
Source: https://www.artificialintelligence-news.com/news/meta-beefs-up-ai-security-new-llama-tools/
Google on Tuesday announced it has acquired the Wiz cloud security platform in a $32 billion deal.
Google said in a press release that it has signed a definitive agreement to acquire Wiz in an all-cash transaction and is just waiting due to “customary closing conditions including regulatory approvals.”
The move, once closed, would join Wiz with Google Cloud in order to improve cloud security and accelerate the ability to “multicloud,” or use multiple clouds.
Wiz also put out a statement Tuesday, noting that Wiz and Google Cloud are “both fueled by the belief that cloud security needs to be easier, more accessible, more intelligent, and democratized, so more organizations can adopt and use cloud and AI securely.”
Google said the move is an investment in cybersecurity and cloud computing, which it said are rapidly growing industries with a vast range of solutions, due to the “increased role of AI, and adoption of cloud services,” which it said “have dramatically changed the security landscape for customers, making cybersecurity increasingly important in defending against emergent risks and protecting national security.”
“Becoming part of Google Cloud is effectively strapping a rocket to our backs: it will accelerate our rate of innovation faster than what we could achieve as a standalone company,” Wiz said.
Google said it chose to acquire Wiz due to its “easy-to-use security platform that connects to all major clouds and code environments to help prevent cybersecurity incidents.”
Google further added that this will allow it to provide protection to organizations ranging in size from “start-ups and large enterprises to governments and public sector organizations.”
However, the purchase will not impair Wiz’s ability to be used across all major clouds, including Microsoft Azure, Amazon Web Services and Oracle Cloud platforms, and customers will still have a variety of partner security solution choices, which will be available in the Google Cloud Marketplace.
“We will still work closely with our great partners at AWS, Azure, Oracle, and across the entire industry,” Wiz said.
Source: https://www.upi.com/Top_News/US/2025/03/18/Google-Wiz-purchase-AI-cloud/5041742310995/
The zero-trust networking startup NetFoundry Inc. said today it has received its first cash injection from venture capitalists, raising $12 million in funding.
SYN Ventures was the sole participant in the round, and the cash will be used to help support the startup’s mission to simplify, secure and accelerate innovation in enterprise software.
NetFoundry is the creator of a cloud-native platform that’s used by enterprises to deploy and control high-performance zero-trust networks in the simplest way possible, without needing to set up or maintain any networking infrastructure.
The company says it has built a micro-segmented software-defined network that minimizes latency, packet loss and jitter, while providing “military-grade” security. It can be overlaid on top of any public internet connection, transforming networks into an on-demand software-as-a-service model. It’s used by companies to deploy new applications rapidly with embedded zero-trust network security.
Zero trust is a security framework that requires stringent verification for every user and device attempting to access an application or a resource, regardless of whether they’re inside or outside of an organization’s network. Unlike traditional security models that rely on a defined network perimeter, zero-trust frameworks operate on the principle that no user or system should be trusted by default. As such, they require continuous authentication, authorization and verification in order to grant access to applications and data.
As more organizations shift their workloads and applications to public cloud infrastructure platforms, zero trust has become the standard security model. Enterprises have come to learn that traditional wide-area network models aren’t scalable, agile or secure enough for cloud computing, and that’s what NetFoundry is trying to capitalize on, helping them to embed zero trust directly into any application.
NetFoundry’s secure-by-design, network-as-code platform is based on the open-source zero-trust software framework OpenZiti, and it caters to both infrastructure providers and application builders. While businesses use it to secure any connected app or workflow across any network, infrastructure providers take advantage of its cloud-native, network-as-a-service model to embed zero trust within their own services.
IBM will invest more than $30 billion in research and development to advance and continue its American manufacturing of mainframe and quantum computers.
IBM today announced a sweeping $150 billion investment plan to strengthen American innovation and leadership in advanced computing over the next five years, including more than $30 billion in research and development to advance and continue its American manufacturing of mainframe and quantum computers.
The move reinforces IBM’s commitment to American manufacturing, with a strong focus on expanding its capabilities in mainframe and quantum computing — two critical pillars for national security and economic competitiveness.
“Technology doesn’t just build the future — it defines it,” said Arvind Krishna, IBM chairman, president, and CEO.
IBM’s legacy of powering major American milestones, from the Social Security system to the Apollo Program, continues today in Poughkeepsie, New York, where Big Blue claims its American-built mainframes underpin more than 70% of the world’s transactional value.
Equally significant is IBM’s commitment to quantum computing, a technology poised to redefine the global technology landscape. IBM operates a large fleet of quantum computers and continues to design, build, and assemble these systems domestically. Quantum advancements promise to solve complex problems beyond the reach of classical computing, with profound implications for national security, cryptography, and industrial innovation.
Emera Inc. and Nova Scotia Power today announced that on April 25, 2025, they discovered and are actively responding to a cybersecurity incident involving unauthorized access into certain parts of their Canadian network and servers supporting portions of their business applications.
Immediately following detection of the external threat, the companies activated their incident response and business continuity protocols, engaged leading third-party cybersecurity experts, and took actions to contain and isolate the affected servers and prevent further intrusion. Law enforcement officials have been notified.
There remains no disruption to any of our Canadian physical operations including at Nova Scotia Power’s generation, transmission and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia. There has been no impact to Emera’s U.S. or Caribbean utilities.
Emera will release its Q1 Financial Statements and Management Disclosure and Analysis on May 8, 2025, as planned. At this time, the incident is not expected to have a material impact on the financial performance of the business.
Our IT team is working diligently with cyber security experts to bring the affected portions of our IT system back online.
Nova Scotia Power customers can find the latest updates at nspower.ca.
Forward Looking Information
This news release contains forward-looking information within the meaning of applicable securities laws, including without limitation, statements about Emera’s response to and the scope and impacts of the cybersecurity incident, the level of disruption and expectations about its impact on financial performance and timing of financial reporting. Undue reliance should not be placed on this forward-looking information, which applies only as of the date hereof. These statements and expectations may be impacted by a number of factors including availability of resources and continued analysis of our systems and the disruptions being experienced. By its nature, forward-looking information requires Emera to make assumptions and is subject to inherent risks and uncertainties. These statements reflect Emera management’s current beliefs and are based on information currently available to Emera management. There is a risk that predictions, forecasts, conclusions and projections that constitute forward-looking information will not prove to be accurate, that Emera’s assumptions may not be correct and that actual results may differ materially from such forward-looking information. Additional detailed information about these assumptions, risks and uncertainties is included in Emera’s securities regulatory filings, including under the heading “Enterprise Risk and Risk Management” in Emera’s annual Management’s Discussion and Analysis, and under the heading “Principal Financial Risks and Uncertainties” in the notes to Emera’s annual and interim financial statements, which can be found on SEDAR+ at www.sedarplus.ca.
At Microsoft, our shift to a Zero Trust security model—which began more than seven years ago—has helped us navigate many challenges.
The increasing prevalence of cloud-based services, mobile computing, internet of things (IoT), and bring your own device (BYOD) in the workforce have changed the technology landscape for the modern enterprise. Security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to corporate technology resources and services are no longer sufficient for a workforce that regularly requires access to applications and resources that exist beyond traditional corporate network boundaries.
The shift to the internet as the network of choice and the continuously evolving threats led us to adopt a Zero Trust security model internally here at Microsoft. Though our journey began many years ago, we expect that it will continue to evolve for years to come.
The Zero Trust model
Based on the principle of verified trust—in order to trust, you must first verify—Zero Trust eliminates the inherent trust that is assumed inside the traditional corporate network. Zero Trust architecture reduces risk across all environments by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources.
Zero Trust requires that every transaction between systems (user identity, device, network, and applications) be validated and proven trustworthy before the transaction can occur. In an ideal Zero Trust environment, the following behaviors are required:
Source: https://www.microsoft.com/insidetrack/blog/implementing-a-zero-trust-security-model-at-microsoft/
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities.
“This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes,” Netcraft said in a new report shared with The Hacker News.
“The new AI-assisted features amplify Darcula’s threat potential by simplifying the process to build tailored phishing pages with multi-language support and form generation — all without any programming knowledge.”
Darcula was first documented by the cybersecurity company in March 2024 as a toolkit that leveraged Apple iMessage and RCS to send smishing messages to users that trick recipients into clicking on bogus links under the guise of postal services like USPS.
Source: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
U.S. officials will extend support for 11 months for a database of cyber weaknesses that plays a critical role in fighting bugs and hacks, a spokesperson said on Wednesday, just as the funding was due to run out.
The expected cut-off of payments for the non-profit MITRE Corp’s Common Vulnerabilities and Exposures database had spread alarm across the cybersecurity community.
The U.S.-backed database acts as a catalog for cyber weaknesses and allows IT administrators to quickly flag and triage the different bugs and hacks discovered daily.
The last-minute change of plan after the importance of the service was highlighted publicly is another instance of the confusion across government as U.S. President Donald Trump’s administration makes deep cuts to public spending.
Global enterprises are facing a serious security crisis as misconfigured Access Management Systems (AMS) expose sensitive employee data and grant potential access to restricted facilities. The vulnerabilities found across healthcare, education, manufacturing, and government industries put organizations at heightened risk of data breaches, financial losses, and compliance violations.
In some cases, attackers could manipulate credentials to bypass security systems entirely, raising urgent concerns over both digital and physical security, according to a report by cybersecurity firm Modat.
The findings suggest that hundreds of thousands of sensitive employee records have been exposed, including biometric information, identification details, photographs, and work schedules. In some cases, these vulnerabilities could allow unauthorized individuals to bypass physical security measures and gain entry into restricted facilities.
“Access Management Systems are crucial in modern security and yet they can often present significant vulnerabilities,” the report said. “Some systems offer comprehensive access control features, but their network-connected nature can create potential attack vectors.”