Arctic Wolf has recently observed an uptick in detected password spraying for multiple Firewall and VPN appliances. This activity began on February 28, 2024. A variety of products are affected by this activity, including but not limited to devices from vendors such as Cisco, Palo Alto Networks, and WatchGuard. Further investigation revealed that authentication against web-based applications in general was being targeted as opposed to a selection of firewall vendors.

Joined by the popular Mac Admins podcast cast, we dive into Apple security and privacy, and how Macs are being integrated into workplaces everywhere. Find out whether an Apple product on its own keeps you secure and safe from viruses, or if you need additional security apps to protect your devices.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Now this is a lot of money.

In our last blog post, we unpacked what SEO poisoning is and how it diverts organic search traffic. We examined some prevalent rank theft techniques used in SEO poisoning attacks. In this follow-up, we will dive into how automation can be used to further SEO poisoning and ranking theft attacks. With bots, adversaries can execute coordinated ranking theft at a speed and scale not possible manually.

Low-code platforms have become a transformative force in the dynamic world of software development. They’ve democratized the designing, building, and deployment of software, which has had a ripple effect across entire industries. Today, with minimal coding expertise, users can craft innovative applications tailored to meet the needs of consumers and businesses alike. But the allure of low-code simplicity also creates a challenge.

Technology can change in the blink of an eye, and nowhere is this more evident than in the rise of “citizen developers.” Often without formal technical training, these individuals leverage user-friendly platforms to create, innovate, and deploy AI-driven solutions. But with the support of intuitive interfaces, templates, and code snippets come challenges. Security can be a challenge hidden in the simplicity of drag-and-drop designs.

CI/CD pipelines are formed by a series of steps that automate the process of software delivery. They integrate the practices of Continuous Integration (CI) and Continuous Delivery (CD) along with the tools, platforms, and repositories that enable them. Their goal is to simplify, streamline and automate large parts of the software development process.

CrowdStrike is today debuting CrowdStrike SEC Readiness Services to guide organizations along the path to compliance as they navigate the new SEC cybersecurity disclosure rules. These services, powered by the AI-native CrowdStrike Falcon® XDR platform and industry-leading CrowdStrike Services team, give customers the insight they need to harden defenses, make materiality decisions and navigate the annual disclosure process with confidence.

Data breaches pose the most significant risks to our data. Despite the strict measures companies follow to encrypt and protect user data, sometimes the worst-case scenario happens, and you have been alerted that your data has leaked online. Many companies, from healthcare to social media, have been victims of data breaches. One of those major companies that made the list is Discord.

...despite all intentions to follow best practices, they don't. When you automate enforcement of best practices, you can ensure those practices are followed...