Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.

In a world where cybersecurity threats are ever evolving and increasingly sophisticated, businesses of all sizes need robust solutions to protect their networks. However, these solutions have traditionally been costly and complex. WatchGuard is changing that tradition with the launch of its new ThreatSync+ Network Detection and Response (NDR) solution.

At CrowdStrike, we’ve long known how difficult it is to detect attacks that involve stolen credentials. We themed the CrowdStrike 2024 Global Threat Report “the year of stealth” to highlight how attackers are moving away from malware and malicious attachments and toward more subtle and effective methods such as credential phishing, password spraying and social engineering to accomplish their objectives. Source: CrowdStrike 2024 Global Threat Report.

Serverless functions such as AWS Lambda, Google Cloud Functions and Azure Functions are increasingly popular among DevOps teams, as these cloud-based systems allow developers to build and run applications without managing the underlying infrastructure. But for all their benefits, serverless functions can also raise cybersecurity risk.

When evaluating models or products for their ability to scan and mask Personally Identifiable Information (PII) in your data, it's crucial to follow a systematic approach. Let’s assume you have a dataset with 1,000,000 rows, and you want to scan and mask each row.

The cloud offers unparalleled flexibility and scalability, from data storage to maintaining an online presence. However, this increased reliance on cloud infrastructure also brings heightened risks, particularly from DDoS attacks. Recent incidents underscore the urgent need for robust DDoS protection. For instance, the HTTP/2-based DDoS attack peaked last August, reaching over 398 million requests per second.

Laravel is a premier PHP framework and loved by hundreds of thousands of developers worldwide. In fact over 30% of our Aikido user base already leverages Laravel. As of today, we are Larvel’s preferred AppSec provider. Developers building with Laravel can directly secure their new or existing Forge apps within a few clicks – powered by Aikido. This integration is designed to help PHP developers get security done.

The IT and OT systems that support not only federal governmental agencies but also national critical infrastructure must be protected, but developing a security strategy effective against threats is no easy feat. It can be difficult to cover all of the necessary areas, given that these systems are “complex and dynamic, technologically diverse, and often geographically dispersed,” according to a report from the United States Government Accountability Agency (GAO).

Each day, it seems that we hear of another healthcare organization being compromised by a cyber attack. It is clear that the healthcare industry is the new favorite target amongst cybercriminals. Fortunately, vigorous efforts are available to combat these threats. We recently spoke to Errol Weiss, Chief Security Officer at Health-ISAC. Errol spearheads the information sharing and analysis center, helping to make the healthcare sector better informed and more resilient.

If you want to make Google tongue-tied, search for ‘MDM for Linux.’

Ransomware isn’t just a threat—it’s a harsh reality facing IT professionals in many industries. And while Kubernetes and OpenShift are powerful platforms for modern infrastructure, they introduce unique complexities that cybercriminals can exploit. The fallout from a successful attack is well documented: significant financial loss, operational downtime, and potential damage to your organization’s reputation.

Social engineering attacks have become increasingly sophisticated and diverse in today's digital-first world. Attackers have a toolbox full of tactics to manipulate individuals and organizations into revealing sensitive information or granting unauthorized access. By understanding the different types of social engineering attacks, you can better protect yourself against these manipulative techniques.