Scammers Bypassed MFA and Attacked 10,000 Organizations
Read also: Hacker stole 23 million Mangatoon accounts, Uniswap users were robbed of $8 million worth of Ethereum, and more.
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages, which requested MFA codes, and then used those codes to log into the genuine site.
Static Application Security Testing (SAST) is one of the principal techniques for assessing the source code of applications to detect possible vulnerabilities. SAST enhances application security during the early stages of the development life cycle and plays an important role in shifting security left. However, there are quite a few myths that are often associated with implementing SAST security tools. Let’s run through the big three.
SAST is one of the more mature security testing methods. In SAST, the source code is examined from the inside out while components are in a static position. It scans in-house code and design to identify flaws that reflect weaknesses and could invite security vulnerabilities. The scans performed by SAST tools depend on rules, identified in advance, that specify the coding errors to examine and address.
RHONDOS is proud to have established a strategic partnership with Devo, the only cloud-native logging and security analytics platform. RHONDOS is bringing PowerConnect for SAP to Devo, and together we will provide mutual customers with an all-in-one solution so they can confidently address the question of what to do with SAP data.
X11 forwarding, ssh -X, is an SSH protocol that enables users to run graphical applications on a remote server and interact with them using their local display and I/O devices. It is commonly relied upon by developers for securely interacting with remote machines across wide and heterogeneous server fleets.
This is the fourth, and final, part of a four-part blog series covering each of the four phases of the merger & acquisition (M&A) process and how you can build security into each phase. In case you missed them, Part 1 covered why it’s important to integrate security into the due diligence process in the first phase of M&A, Part 2 covered integration planning and public announcement, and Part 3 covered what you can expect on “Day One,” after a merger or acquisition closes.
Modern SaaS applications power the world’s most iconic businesses, and with hundreds of billions of dollars of annual revenue at stake, speed to market without compromising secure operation and access control is essential. Authorization for multi-tenant SaaS applications enables end-users to control ‘who’ and ‘what’ can interact with the application.
Ransomware is a (sad) fact of corporate life. 61% of businesses were impacted by cyber criminals in 2020, peaking at more than 900 attacks per organisation in 2021. Remote working is only making organisations more vulnerable. A recent study also found that the average attack costs its victims $5.3m. It’s no wonder ransomware is near the top of every CIO’s worry-list. In our last blog, we looked at how best to plan for tomorrow.
Using open source libraries securely is an ongoing priority at large organizations. One big challenge is integrating security tools into the developer workflow — and setting up a system that prioritizes vulnerability fixes — without overwhelming developers. But what does a successful approach look like?