Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Locked and Loaded: Essential Tips to Fortify Mobile App Security

You've built a stellar app, but have you thought about its security? In today's cyber jungle, it's not only savvy but vital to protect the data in your app from threats. Dive into the essential tips to fortify mobile app security. Learn about app analytics and secure coding, and make your app functional and, most importantly, secure.

How To Detect and Prevent an Attacker's Lateral Movement in Your Network

To detect lateral movement, organizations need to identify abnormal network activity, map lateral movement paths, analyze user behavior and verify unknown devices. If left unnoticed, lateral movement can often lead to data breaches and the loss of highly sensitive data. Organizations can prevent lateral movement within their network by enforcing least privilege access, implementing zero trust, segmenting networks and investing in a PAM solution.

Understanding the Okta supply chain attack of 2023: A comprehensive analysis

In October 2023, Okta, a leading provider of identity and access management (IAM) solutions, experienced a data breach affecting its customer support system. This incident raised serious concerns about the security of sensitive information entrusted to Okta by its customers and partners.

Social Engineering Attacks Rising in the Trucking Industry

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA). “Spear phishing is still one of the most effective tools attackers have to breach networks,” the report says.

SYN Flood Attack: The What, Impact, and Prevention Methods

The Mirai Botnet, famous for massive DDoS attacks, used SYN flood techniques to hack 600,000 IoT devices. Targets like KrebsOnSecurity, Lonestar cell, and Dyn. The impact cascaded across key service providers that relied on Dyn’s services, affecting entities such as Sony Playstation servers, Amazon, GitHub, Netflix, PayPal, Reddit, and Twitter.

2023 Global Threat Roundup: Trends in Cyberattacks, Exploits and Malware

Our inaugural 2022 threat roundup report started by observing that “the year 2022 was eventful for cybersecurity.” As you can imagine, 2023 was no less eventful. Some of the key events included ongoing conflicts and the appearance of new ones, the emergence of critical vulnerabilities being mass exploited and the ever-increasing threat of cybercrime.

LoanDepot Updates on Cyberattack; 16.6 Million Potentially Compromised

Based in Irvine, California, LoanDepot is a nationwide mortgage lender. Their solutions assist homeowners in purchasing land and obtaining reasonable equity costs. They are licensed in 50 states and, in 14 years, have become the most significant nonbanking lender in the US. In the second week of January, we featured a piece on LoanDepot; at the time, they were in the throes of a cyber skirmish, fighting for control of their discombobulated systems.

Account takeover: Everything you need to know

Account takeover (ATO) is a form of identity theft that enables cybercriminals to send emails from a legitimate account within an organization. Hackers who gain control of an executive's account can request sensitive data and payments from employees in the knowledge that they're more likely to succeed than if they had simply created a spoofed email account. Our recently published Email Security Risk Report revealed that 58% of the 500 companies we surveyed had experienced instances of account takeover.

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.