Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A breach is serious, but due to the legal status of what services it provides, can’t get much more serious at this DropBox subsidiary.

There’s a seemingly endless list of cybersecurity threats facing organisations today. Among these threats, typosquatting stands out as a deceptive practice used by threat actors to exploit user errors in typing website addresses. To combat this growing menace, asset discovery tools play a crucial role in identifying and mitigating the risks associated with malicious typosquatting domains.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

SaaS applications have fundamentally transformed business operations by enabling on-demand user access to services and data via the internet from anywhere. Yet, despite countless benefits, SaaS in the enterprise is fraught with cybersecurity challenges.

In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. We have come to expect that smart phones and speakers with built-in digital assistants are always listening, and data collection practices between companies can vary significantly.

Sysdig and Tines have joined forces to provide an integrated detect, triage and respond solution that enhances cloud security. This partnership combines Sysdig’s expertise in Runtime Insights with Tines’ robust orchestration and automation features. The result is a powerful solution that enables DevSecOps, Operations, and SOC teams to streamline security workflows, shorten response times, and stay ahead of security incidents.

Read also: Notorious Finnish hacker receives a 6-year prison sentence for Vastaamo breach, and more.

Web applications are crucial for business growth but are often targeted by cyber attackers. In 2023 alone, over 6.8 billion attacks were blocked across 1400 web applications, underscoring the growing threat. One mitigation measure to shield your business’s critical websites and applications is blocking malicious traffic with a WAF or a WAAP, as what the category is called now. Deploying Cloud WAF is just the beginning. To achieve top-notch security, a managed solution is essential.

Application security is vital for ensuring the resilience of organizations, as it encompasses measures and practices that safeguard applications against potential threats and vulnerabilities. It plays a critical role in safeguarding sensitive data, preventing unauthorized access, and maintaining the integrity and availability of applications.

In the realm of modern enterprise productivity suites, Copilot for Microsoft 365 stands as a huge driver for efficiency, offering business users the ability to aggregate, summarize, and process data within the M365 suite of tools. However, for organizations with diverse infrastructure and applications, and the need for real-time data interactions, the out-of-the-box functionality requires augmentation to reach its full potential, not to mention secure controls for Copilot for M365.