The array of phishing vectors used by attackers is constantly expanding. On a daily basis we observe numerous different phishing themes such as voicemails, fake invoices and documents requiring signing. Recently, we have seen more topical themes such as US elections, COVID-19 and Brexit.

Organizations are increasingly adopting Kubernetes to manage their containerized workloads and services, but Kubernetes security incidents are on the rise, as well. In the fall 2020 edition of the “State of Container and Kubernetes Security” report, for instance, 91% of respondents told StackRox that they had recently adopted Kubernetes. Three quarters of survey participants went on to reveal that they had deployed the container orchestration platform in their production environments.

Open source components have become the basic building blocks of software applications, comprising 60%-80% of the software projects. As open source usage has established itself as an industry standard and the default choice of software production, software development organizations are required to set up an open source strategy.

Emotet has become one of the world’s most advanced botnets. Like many malware campaigns, Emotet’s primary mode of delivery is phishing emails that download malicious Microsoft Office documents. Furthermore, these documents are often hosted in popular cloud apps like Office 365 and Amazon S3 to increase the chances of a successful lure.

A simple DLL file was the catalyst to the most devastating cyberattack against the United States by nation-state hackers. This cinematic breach demonstrates the formidable potency of DLL hijacking and its ability to dismantle entire organizations with a single infected file. DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search and load Dynamic Link Libraries (DLL).

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety of corporate laptops and personal devices during the COVID-19 pandemic.

Managers and compliance auditors often ask IT admins to present a report listing file share permissions granted to a group or a particular user. Here are a few paid and free tools that will help you save time on generating these reports.

With the administration of COVID-19 vaccines beginning around the world, many of us have begun to look to a future where the pandemic does not totally dominate our lives. Naturally, the way we socialize and work will have shifted. Remote work, for instance, has shown to be more productive and preferable for many businesses. In the cybersecurity space, we’re also beginning to realize which threats are opportunistic and temporary – and which ones are here to stay.

For organizations and their employees, 2020 was a uniquely transformative and challenging year. Although this reality is expressed in many ways—including a global pandemic, a deep economic recession, perpetual social unrest and a litany of natural disasters—in the professional environment, it is most acutely observed in the rapid and wide-spread transition to remote work.