September 29, 2023

1. Risk Management – An Approach for Evolving Threat Landscape

Risk management has become essential and vital to organizations of all kinds of businesses. The rate of the level of sophistication of cyber attacks is rising, and companies need to approach vulnerabilities proactively to secure sensitive data and business operational continuity.

Risk management can be defined as its relevance to the notion of risk assessment, which includes identifying assets, assessing risks, and finding vulnerabilities. Organizations may prioritize their activities and allocate resources more efficiently by undertaking detailed risk assessments.

2. Knight Ransomware emergence unveiled

The incident happened with the fake TripAdvisor complaint emails that distributed the Knight ransomware. This unravels the meticulously orchestrated attack, unearthing its multifaceted mechanisms.

The origins trace back to the emergence of the Cyclops ransomware operation in May 2023. Operating within the realm of Ransomware-as-a-Service (RaaS), Cyclops embarked on a journey to recruit affiliates on the RAMP hacking forum equipped with encryptors targeting Windows, macOS, and Linux/ESXi systems. Unlike conventional RaaS offerings, Cyclops introduced a distinct twist, information-stealing malware for both Windows and Linux, signaling a shift in the threat landscape.



We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

3. DoubleDrive attack on OneDrive

Microsoft’s OneDrive can be used as ransomware to encrypt most of the files on a target machine without the possibility of recovery, partly because the program is inherently trusted by Windows and other EDR solutions.

Microsoft has patched flaws so that the attack no longer works on OneDrive client versions 23.061.0319.0003, 23.101.0514.0001, and later. Yair has packaged his OneDrive attack process into an automated tool called DoubleDrive, which works on an older version of OneDrive and is available on GitHub at


4. MongoDB Queryable Encryption GA

MongoDB has announced the availability of Queryable Encryption, an end-to-end data encryption technology for securing sensitive application workflows.

Queryable Encryption provides the capability to reduce the attack surface for confidential data in several use cases. Data remains encrypted at insert, storage, and query, with both queries and their responses encrypted over the wire and randomized for resistance to frequency analysis. However, there is a cost to space and time requirements for queries involving encrypted fields.

Leave a Reply

%d bloggers like this: