Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden malicious functionality that may not be immediately visible to the file’s recipient, and could be missed by technology-based detections alone.

The need for secure coding practices has never been greater. Vulnerabilities can be introduced at any stage of the software development life cycle and can result in significant data breaches and other security incidents. Therefore, it’s essential to have a robust security process in place to catch these vulnerabilities early on. Bytesafe is a security-focused tool designed to help developers and organizations secure their software development process.

Ferrari is a well-known luxury car manufacturer based out of Italy. The company creates some of the most beloved sports cars and is known for producing vehicles that stand out for their beauty and performance. The company began in 1947 and had been producing head-turning vehicles ever since. Ferrari is well-known for delivering an excellent customer experience, but the automaker recently suffered from a data breach that may have exposed some of its customers.

Major companies and services were hit by data breaches this week. Some of the breaches were caused by internal mistakes, others were the result of coordinated gang attacks, and some were issues with outside services. All the different attack types make it clear that no matter how you run your business, there are data risks you must look out for, and as a consumer, you have to be careful to monitor your credit and finances closely.

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.

When it comes to cyberattacks, the human dimension of the cybersecurity environment is a complex vulnerability. Without awareness, any employee, contractor or user is the most unprotected asset. A person who can be easily exploited with a social engineering attack. Because of inherent human characteristics — ignorance, fear, misplaced trust — people are by nature very susceptible to being manipulated to let down their guard.

By Dallas Young Sr. Technical Marketing Manager, Torq According to researchers, the 3CX Voice over Internet Protocol (VoIP) desktop program for Windows and MacOS, which boasts over 600,000 customers and 12m daily users, has been compromised by a DLL sideloading attack and used in several supply chain attacks. 3CX is a private branch exchange (PBX) system, a private telephone network used within a company or organization.

‍ This month, we're excited to bring you some long-awaited enhancements to folder/document/project creation, co-editing for users who may not have full folder permissions, saved search filters, and co-editing on Desktop App Core.

I have been watching Secureworks for a long time—ever since Dell bought the company back in February of 2011. The company’s reputation as a leader in managed security services was well-known, and this purchase represented one of the first big bets by Dell in the cybersecurity space. Secureworks could analyze and remediate the ever-evolving threat landscape for Dell customers.