A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I think we are all aware of phishing email, and how they apply urgency and alarm to entice you to click on something you shouldn’t. Well, Deliveroo in France thought it would be a great April Fool’s wheeze produce fake receipts for their customers. Didn’t go down well….

As we all prepare for a new life after Covid-19, more businesses than ever are looking at expanding their digital presence and making online their number one channel. Despite this, many are unaware and ill-prepared for the threats facing them as we all transition to a “new normal”. Thanks to the rollout of vaccines, the threat of Covid-19 is steadily diminishing and businesses are set to resume normal service.

Every spring, my family has an annual ritual of visiting our friendly primary care physician for our physical exams. Although it’s one of the last things my wife wants to do, these routine checkups are an important way to detect problems before they become more noticeable.

Over the last few weeks, Cyberint has witnessed an ongoing attack campaign targeting social media influencers, attempting to infect them with malware by impersonating large clothing retailers. The campaign targets influencers across multiple social media platforms but currently appears to mostly focus on influencers operating on YouTube. Further, although the infection process is not sophisticated, it is notable and appears to be evolving.

Businesses not taking cyber security seriously are undermining how important it is for growth. Cyber security is covers all aspects of protecting our sensitive data held in various forms, such as personally identifiable information (PII), health records, intellectual property, industrial systems, critical infrastructure, governments and military information.

Forrester’s Annual State of Application Security Report has become a touchstone for organizations on their journey to achieve AppSec maturity. As the software development industry and threat landscape continue to evolve, Forrester’s State of Application Security Report for 2021’s main message is that while applications are still a major attack vector, analysts found signs of hope in their research.

Nowadays, developers are responsible for more than just creating the application. Besides working on features, developers have to focus on their applications’ maintainability, scalability, reliability, and security. Many developers are unsure of where to start with security. In addition, most companies still work with a dedicated security team instead of having security expertise inside the team. A lot of developers practically live in their integrated development environment (IDE).

As of late, cyber threats have only grown in velocity and volume, with cybercriminals taking advantage of every new capability to grow and prosper. Couple that with a global pandemic and a sudden increase in remote working in the cloud, and you open the door to countless new vulnerabilities.

We now live in an era where the security of all layers of the software stack is immensely important, and simply open-sourcing a code base is not enough to ensure that security vulnerabilities surface and are addressed. At Teleport, we see it as a necessity to engage a third party that specializes in acting as an adversary, and provide an independent analysis of our sources.

As a result of the worldwide pandemic, technology companies were forced to pivot to fully remote operations. For many organizations, this meant accelerating their digital transformation efforts. But despite the investment in digital transformation efforts, there haven’t been enough investments in security measures.