The landscape of coding is changing as developers embrace AI, automation, microservices, and third-party libraries to boost productivity. While each new approach enhances efficiency, like a double-edged sword, flaws and vulnerabilities are also introduced faster than teams can fix them. Learn about one of the latest innovations solving this in a recap of what our security experts discussed at AWS re:Invent 2023.
Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case study conducted by our security research team, in an effort to trace the typical time before a package hijack is detected.
As the holiday season comes into full swing, it’s estimated that cyberattacks go up by as much as 30% during this period. To help increase cyber resilience—and stay vigilant well into the new year—SecurityScorecard is sharing some of our key AI predictions for 2024 based on the trends we’ve observed this past year.
Read also: Microsoft takes legal action against cybercrime syndicate, the UK imposed first-ever sanctions for cyber fraud, and more.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Its not new to send Google Forms out for phishing, but another wave is incoming. As always, don’t click on links without checking first…
Join Mackenzie Jackson and Sonya Moisset for an eye-opening discussion about Ethical Hacking as Sonya answers questions from Mack and the webinar audience.
The exploitation of the CitrixBleed vulnerability in Netscale by a variety of ransomware groups has led to a widespread disruption of services across several industry sectors, including financial services, healthcare and real estate. Dozens of companies are now trying to recover from these attacks, with some being unable to conduct operations due to the severity of the attack. The other reason could be they did not have a good incident response and recovery plan in place.
Referenced in popular films and television programs, “The Dark Web” has achieved what many cyber security concerns fail to do in that it has entered the public consciousness. It is generally understood that the dark web is a collection of on-line sites and marketplaces, notorious for facilitating illegal activities and harboring stolen information.
Is Santa an insider threat? He breaks into your home, consumes cookies, drinks milk/whisky and leaves a collection of items hidden behind highly decorated wrapping paper. Rumor has it that he can tell if you’re naughty or nice and is actively tracked by NORAD. Can we trust Santa with his elevated access? The answer is, of course, Yes, because we are all Santa. Santa is ultimate trusted Certificate Authority, entrusting intermediate trust to parents worldwide.
Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions. In some ways, the old adage “there’s nothing new under the sun” seems to be holding up. Take the latest USPS impersonation scam identified by domain monitoring vendor Bolster. It follows many of the same steps and uses similar tactics as any of the USPS scams I’ve covered before.
