In 2023, identity theft and fraud reached significant levels, with various reports highlighting the extensive impact on consumers and businesses. The Federal Trade Commission (FTC) reported that consumers lost more than $10 billion to fraud, marking a 14% increase from the previous year. Identity theft remained a pervasive issue, with nearly 560,000 cases reported in the first half of 2023 alone.

While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.

It seems like every other day there is a public announcement of a compromise involving unauthorised access to Microsoft 365. Privately, my security consultancy team are called in more often than we would like to deconstruct a compromise and determine if a notifiable data breach has occurred.

Read also: A fraudster extradited from Ukraine to the US, french police dismantle coco chat website linked to cybercrime, and more.

Remcos is a form of malware presented as legitimate software, purportedly useful for conducting surveillance and performing penetration tests. It functions as an advanced Remote Access Trojan (RAT), enabling complete monitoring and manipulation of Windows computers from XP onwards.

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.

Here’s what you need to know about the progression of the Polyfill supply chain attack and how to respond.

In a recent development that has raised concerns across the education sector, Los Angeles Unified School District (LAUSD) has confirmed a significant data breach involving student information. The breach, linked to a hack of the district’s Snowflake account, has exposed sensitive data pertaining to students and employees enrolled in the sprawling district. Snowflake is a cloud database platform used by companies worldwide to store their data.

In 2021, Amazon suffered a financial setback of around $34 million due to a one-hour system outage that led to a considerable loss in sales. Meta suffered a loss of nearly $100M because of Facebook’s 2021 outage. The consequences of downtime can be severe, and businesses of all sizes and governments can be affected. A DDoS attack can bring a business to a complete standstill for hours, leading to a substantial loss in revenue.