A selection of this week’s more interesting vulnerability disclosures and cyber security news. Not quite a direct breach of the company, but still a high risk of a new round of card testers. See that a lot…

Mobile applications, commonly referred to as mobile apps, are software programs designed to run on mobile devices such as smartphones and tablets. These apps can provide users with a wide range of functionalities, from social networking and entertainment to productivity and e-commerce. With the rapid growth of mobile technology in recent years, businesses have increasingly turned to mobile apps as a way to connect with their customers and streamline their operations.

Artificial intelligence (AI) has revolutionised the field of cyber security, offering unparalleled advantages in detecting and preventing sophisticated cyber threats. From detecting anomalies in network behaviour to automating threat response, AI has become an indispensable tool for organisations looking to strengthen their defence against cyber-attacks.

As more and more workloads move to the cloud, the attack surface security teams need to secure has grown exponentially. To guard the massive perimeter of the cloud, you need to position your cloud infrastructure to be as safe as possible by default.

If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it's time to wake up. The FBI's latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for some grim reading. According to the IC3 report, online fraud hit record losses in 2023, with the American public reporting US $12.5 billion, a 22% increase from the year before. However, this only counts reported crimes to the FBI.

Arctic Wolf and SC Media surveyed an audience of more than 500 North American IT security professionals in the fall of 2023 and discovered that, among those who currently have cyber insurance policies, 47% of them have had coverage for 12 months or less. A significant increase among the insured reflects the kind of growth one might expect from an industry that has seen monumental change in just a few short years.

The next crypto bull run is coming. Bitcoin’s price is up 120% from this time last year, and previous Bitcoin halving events have resulted in growth across the entire digital asset ecosystem. Given this growth, the space is witnessing significant institutional interest and a push for secure, reliable blockchain platforms.

Balancing developer velocity and security against bots is a constant challenge. Deploying your changes as quickly and easily as possible is essential to stay ahead of your (or your customers’) needs and wants. Ensuring your website is safe from malicious bots — without degrading user experience with alien hieroglyphics to decipher just to prove that you are a human — is no small feat. With Pages and Turnstile, we'll walk you through just how easy it is to have the best of both worlds!

We're proud to introduce the Advanced DNS Protection system, a robust defense mechanism designed to protect against the most sophisticated DNS-based DDoS attacks. This system is engineered to provide top-tier security, ensuring your digital infrastructure remains resilient in the face of evolving threats. Our existing systems have been successfully detecting and mitigating ‘simpler’ DDoS attacks against DNS, but they’ve struggled with the more complex ones.

Keeping track of who is accessing your systems and data is a critical part of any security program. Requirement 10 of the PCI DSS covers logging and monitoring controls that allow organizations to detect unauthorized access attempts and track user activities. In the newly released PCI DSS 4.0, Requirement 10 has seen some notable updates that expand logging capabilities and provide more flexibility for merchants and service providers.

In January 2024, Cloudflare employee Brittany Peach achieved social media virality when she recorded a video of her former company firing her and posted the exchange on TikTok, where it was viewed millions of times and featured as front-page news across mainstream media platforms. She’s just one of many employees recording and posting their layoff meetings online. This trend is accelerating as more companies make staffing cuts. However, these videos reflect more than just a viral internet trend.

With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles.