The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online but knowing to what extent assets are exposed. Users can now toggle the view of their attack surface by active and inactive assets. When toggled on, users will see all active assets present on their attack surface in the last 14 calendar days making it easier to discern what may no longer be on the attack surface.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I’ve heard a few friends over the years mention things discussed at home suddenly appearing in ads when on the Internet. Yes, some of that might be due to doing web searches, but what if…

Our other blogs and articles are primarily security-focused – this is non-technical yet relevant, one of the issues that I felt and intended to explore personally. It’s pretty hard to admit when you are in privilege, and it’s even harder to change the status quo when you are comfortable. This is a write-up on how I see diversity and inclusion currently in the cybersecurity industry, mainly a beginner’s understanding of the subject.

This blog is the latest in a series dedicated to Zhadnost, a Russia-aligned botnet first discovered by SecurityScorecard in March.

In 2020, SecurityScorecard uncovered a case in which self-signed certificates caused misattributions for CDN IPs, and IPs shared by many websites. At the time, we mitigated this issue by labeling CDNs (e.g. Cloudflare, Akamai, Fastly, etc.), so that customers could easily determine if their scoring problems were related to shared IPs.

According to Gartner, by 2025, 80% of enterprises will have adopted a strategy to unify web, Cloud services and private application access from a single vendor’s security service edge (SSE). We know that cybersecurity is a top priority for IT funding. Business owners and CISOs need to invest in security technologies in a way that will drive resilience and promote productivity among their – probably largely digital – businesses.

In this post I will be announcing a new open source project: Teleport Connect. It is a dedicated secure web browser for accessing cloud infrastructure. But first, let me explain why we've decided to build it, starting with a bit of historical context. As a kid I have always enjoyed imagining the process of programming to having a conversation with a machine. The REPL loop is the most obvious example of this interaction. As our code grows it no longer fits in a REPL environment.

If your company is worried about the financial hit of paying a ransom to cybercriminals after a ransomware attack, wait until they find out the true cost of a ransomware attack. Because the total costs of recovering from the ransomware attack are likely to be much, much higher. That’s the finding of a new study by researchers at Check Point, who discovered that the average total cost of a ransomware attack is more than seven times higher than the average ransom paid.

In case of emergency – that is, forgetting your login for 1Password, or someone else needing to get in – the 1Password Emergency Kit can truly save the day. This short and sweet document keeps all the necessary details for getting into your account in one place. But you shouldn’t need to break glass to retrieve it (which is a huge pain to clean up, not to mention dangerous). Here’s how to keep your Emergency Kit both safe and accessible.

As part of our regular Dark Web and cybercriminal research, Trustwave SpiderLabs has uncovered and analyzed postings from a politically motivated, pro-Russian ransomware group named Stormous. The group has recently proclaimed support for Russia in its war with Ukraine, attacking the Ukraine Ministry of Foreign Affairs and allegedly obtaining and making public phone numbers, email addresses, and national identity cards.