Last year, the Securities and Exchange Commission adopted rules on cybersecurity risk management that focused on transparency. Much of the adopted rules were focused on investors, but the rules also underscored the importance of the impact to customers when cybersecurity incidents occur. The data security landscape has recently shifted to prioritize the user or the customer, and that was just one of the steps in furthering the approach.

As we are well into 2024 now, we at Fortra want to continue our commitment to empowering you all with the knowledge and tools needed to protect you, your organization, and even your family. This year, we will be looking more and more at the human element, and provide you with methods to practice repeatable, real-world techniques to ingrain positive habits and security behaviors to keep you as safe as possible.

People, processes, and tooling all impact an organization’s ability to maintain a strong AppSec program. In a recent panel at Black Hat Europe, Snyk spoke with two customers — Jaguar Land Rover (JLR) and Asda — about the unique challenges they face managing development teams, onboarding new security tools, and building a modern DevSecOps program throughout their organizations.

Widespread exploitation of these vulnerabilities in the wild has been confirmed including comprise of UnitedHealth’s Change Healthcare on February 22nd, by Lockbit. Sophos has confirmed various strains of malware using these vulnerabilities as part of delivery including LockBit ransomware, AsyncRAT, infostealers, etc.

You need to protect your Social Security number to prevent identity theft. Threat actors can use your Social Security number to commit fraud and leave you with lasting effects such as debt, damaged credit and financial loss. It can be difficult to tell if someone uses your Social Security number without your permission.

Bumblebee returns from hiatus, PikaBot reappears with optimized code, and threat actors distribute spam via AWS SNS.

Open source security is a term used to describe the process of protecting your organization’s data and network from attack by using open-source software. It refers to the use of open-source software (OSS) for data protection. Open source software is free to use, meaning that anyone can access it without paying fees. This allows organizations to take advantage of the collective knowledge and experience of thousands of people who have contributed code or worked on projects together.

Researchers at VIPRE Security observed a 276% increase in malware delivered by phishing between Q1 and Q4 of 2023. “Last year, our YARA rules caught between one and two million generic malware instances each quarter, with a nearly 20% jump in Q4,” VIPRE’s report says.

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe it was successful. A group posing as an Amazon employee and various U.S. law enforcement agencies were able to convince a woman to take $50,000 out of her bank account in cash and hand it off to a complete stranger in the streets. It is a wild story and most of us would not be tricked into doing what happened to her.