Avast researchers have discovered cybercriminals using an old medium (PDFs) in a new--and dangerous--way.

Defeat the scammers by educating yourself and your employees about these increasingly common tax-related scams.

More often, spam emails are similar to an unwelcome houseguest who wouldn’t go away. Opening your inbox to discover it filled with unwanted messages is a common and frustrating experience for many. Some are merely annoying advertisements vying for attention, while others take a more sinister approach, aiming to extort individuals from scams or infect gadgets with viruses. Therefore, being alert and discerning while navigating the internet is essential for avoiding threats.

Now in its ninth edition, the 2024 “Open Source Security and Risk Analysis” (OSSRA) report delivers an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software.

Since July 2022, Bitsight has been tracking PrivateLoader, the widespread malware downloader behind the Russian Pay-Per-Install (PPI) service called InstallsKey. At the time, this malware was powering the now decommissioned ruzki PPI service. Figure 1 presents a brief description of the service, which was found in their sales telegram channel. Fig. 1 - Service description on telegram channel profile (Russian and English).

With so many cyber security priorities to balance, it isn’t always easy to know where to start. The mistake that many organisations make is to view threats originating from outside as their sole focus. However, with insider threats proving a persistent presence, this can often be a very costly oversight. This guide seeks to provide clarity on the different types of insider threats you need to be aware of and the controls and processes you can put in place to defend against them.

While tech sector media coverage on cybersecurity has primarily focused in recent years on trends such as ransomware attacks, vulnerabilities in the DevOps chain, and the growing role of AI in combating threats, a quiet but significant development has been advancing under the radar on several fronts: we refer to the more assertive stance taken by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to elevate security best practices in government and the private sector.

Organizations are increasingly relying on Kubernetes to orchestrate and manage their containerized applications. While Kubernetes offers a powerful framework for deploying and scaling applications, managing complex applications manually can be a daunting, error-prone, and lead to a multitude of security issues. One of the primary challenges lies in the sheer complexity of managing multiple components across a Kubernetes cluster.