
News for today:
- Arctic Wolf to enhance Aurora Endpoint Security with AI. Arctic Wolf acquired UpSight Security and will add its AI-powered ransomware prevention and rollback capabilities to Aurora Endpoint Security. After the integration, Arctic Wolf will leverage UpSight Security’s patented technology to enhance Aurora Endpoint Security with predictive, on-device AI models that continuously analyze billions of endpoint events to anticipate and interrupt malicious behavior in real time. The enhanced capabilities will enable organizations to block ransomware before encryption or exfiltration, accelerate isolation of compromised hosts, and provide rollback recovery to restore affected systems quickly. Arctic Wolf
- Better Teams protection from HornetSecurity. The Microsoft Teams protection from HornetSecurity is getting an update to counteract increased threat actor interest and activity in compromising Teams. Teams Protection scans all Teams messages containing URLs and instantly issues a warning message in the conversation when it detects a suspicious link. Administrators then gain control, allowing them to manage all detected threats to their Teams tenant directly within the Control Panel. Administrators can delete entire conversations containing malicious messages and prevent their senders from logging into Teams. They can also use the Auto-Remediate feature, which automatically deletes chats where a malicious message has been found. HornetSecurity
- Integration between Veeam and Microsoft Sentinel. Veeam launched an app for connecting the Veeam Data Platform with Microsoft Sentinel, providing intelligence on threats against backup processes within Sentinel for rapid resolution and workflow integration. As cyber-attacks increasingly target backup environments, many SOC teams face a critical visibility gap in their security posture ecosystem, leaving organizations vulnerable to attacks on their last line of defense – their backups. The new Veeam App for Microsoft Sentinel helps close this gap by bringing backup intelligence directly into the SOC, allowing IT and Security teams to collaborate in real time, detect threats earlier, and respond with speed and coordination. Veeam
- GreyNoise and CrowdStrike Falcon Next-Gen SIEM. GreyNoise integrated its network-based real-time threat intelligence capabilities with CrowdStrike Falcon Next-Gen SIEM. The integration enriches the data available within Falcon for threat detection. Through this integration, Falcon Next-Gen SIEM users gain direct access to GreyNoise’s actionable network intelligence to enrich perimeter-related alerts. GreyNoise’s global sensor network of over 5,000 sensors across 80 countries analyzes up to one billion sessions per day, tracking more than 50 million IPs to deliver verified context on scanning and exploitation activity. Combined with Falcon’s AI-powered detection and response, SOC teams can cut through alert noise and focus on the most critical threats. Available immediately. GreyNoise
- Ransomware in retail. 46% of ransomware incidents in retail organizations began with an unknown security gap, and 58% of victims who had data encrypted paid the ransom for a decryption key. In the past year, Sophos X-Ops has observed nearly 90 distinct threat groups target one or more retailers with ransomware or extortion across leak sites. The most active groups Sophos has tracked from incident response and MDR cases are Akira, Cl0p, Qilin, PLAY, and Lynx. After ransomware, account compromise was the second most common incident type seen against retailers. And like many industries, retail is a consistent target of business email compromise (BEC) groups seeking to divert payments, which is the third most common incident type. Sophos
- Delinea and IBM’s OEM agreement expanded. The full Delinea platform is now available to IBM customers via an expanded OEM agreement between Delinea and IBM. The expanded collaboration between Delinea and IBM delivers a unified view of privileged activities and consistent privileged access controls across environments to help mitigate risk, track compliance, and boost productivity for security and IT teams. The full Delinea Platform will be available to customers through IBM Verify Privileged Identity Platform in Q4 2025. Delinea