Kondukto and GitGuardian have teamed up to provide an integration that brings together their knowledge in AppSec orchestration and automated secrets detection.

In recent times, the hospitality industry has experienced a surge in malicious emails aimed at their employees, particularly customer service personnel who handle customer emails. These emails were carefully crafted to elicit a sense of urgency and trick hotel staff into clicking and opening them, using social engineering tactics.

We will continue to update on this dynamic situation as more details become available. CrowdStrike’s Intelligence team is in contact with 3CX. On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.

The recent SCARLETEEL incident highlights the importance of detecting security threats early in the development cycle. With Terraform state files, attackers can easily access sensitive information and gain unauthorized access to your cloud infrastructure. In this case, the attackers exploited a containerized workload and used it to perform privilege escalation into an AWS account, stealing software and credentials.

According to a 2022 Verizon report, 43 percent of all data breaches reported worldwide targeted small and medium-sized businesses – with numerous businesses reporting at least eight hours of downtime after a severe cybersecurity incident. Little surprise, then, that demand for cyber liability insurance has surged in recent years. Businesses – especially small ones, with fewer financial resources – want to be made whole after a disruption.

Defining and implementing a network microsegmentation strategy is paramount to securing the network and protecting assets. However, it’s also a time-consuming and resource-intensive endeavor. This means it’s vital that enterprises are confident that their zone-to-zone security policy is functioning as intended.

When a restaurant expects an inspection from the Health Department, management takes a number of steps to prepare. The team needs to understand what the inspector will look for and take proactive measures to address any obvious concerns. This involves cleaning, scrubbing, and being on best behavior. Conducting an ISO 27001 internal audit is like preparing for a health department inspection. An internal audit analyzes an organization’s information security management to find vulnerabilities.

The US FBI is warning of business email compromise (BEC) attacks designed to steal physical goods. While BEC attacks are typically associated with stealing money, criminals can use the same social engineering tactics to hijack deliveries of valuable materials. The FBI says fraudsters are particularly interested in stealing construction materials, agricultural supplies, computer technology hardware and solar energy products.

The Australian Federal Police (AFP) have arrested four alleged members of an organized crime group known for carrying out business email compromise (BEC) attacks, BleepingComputer reports. The victims of the gang’s attacks lost between $2,500 and $500,000. “Four members of an alleged cyber criminal syndicate accused of money laundering $1.7 million in stolen cash from Australian and overseas victims have been charged in Brisbane, Adelaide and Melbourne,” the AFP said in a statement.

The latest Salt Labs State of API Security report is out, and we’re excited to share with you some of the key findings. The security industry news has frequently covered high-profile application programming interface (API) breaches over the past few years, so it’s no surprise that our research found that attackers have upped their activity. Salt Labs analyzed the past year of Salt customer data and found a 400% increase in unique attackers just over the last six months alone.