A phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos. “The DarkGate malware family is distinguished by its covert spreading techniques, ability to steal information, evasion strategies, and widespread impact on both individuals and organizations” the researchers explain.

In November 2023, the Cybersecurity & Infrastructure Security Agency (CISA) published guidance for addressing vulnerability CVE-2023-4966, affecting Citrix NetScaler ADC and NetScaler Gateway. This vulnerability is also known as Citrix Bleed.

A new phishing campaign is exploiting the eSignature platform Yousign. There have been plenty of phishing attacks that leverage legitimate platforms to help establish credibility with security solutions – including online email services, web hosting, payment processors and more.

The interconnected nature of our digital economy requires a shift in how companies think about their cyber risk. Companies need to consider the broader system and how to build mutual support with their entire cyber ecosystem– customers, partners, and vendors. Yet, today, most companies still rely on manual vendor onboarding, monitoring, and point-in-time external security reports to manage supply chain cyber risk – even top Fortune 500 companies.

It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization’s vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently.

For Star Trek fans, space may be the final frontier, but in security, discovering Application Programming Interfaces (APIs) could be the technology equivalent. In the iconic episode “The Trouble with Tribbles,” the legendary starship Enterprise discovers a space station that becomes overwhelmed by little fluffy, purring, rapidly reproducing creatures called “tribbles.” In a modern IT department, APIs can be viewed as the digital tribble overwhelming security teams.

In iOS app security, the ability to seamlessly blend static and dynamic analysis capabilities is paramount. One tool that stands out in this domain is r2frida. This unique tool combines the robust binary analysis functionalities of Radare2 with the dynamic instrumentation features of Frida, creating a potent toolkit for dissecting iOS applications and fortifying their security posture.

In the digital age, where technology has become indispensable, cybersecurity has become a crucial issue for organizations. Investment in security tools to protect digital assets is increasing; however, the biggest threat often lies in an unexpected factor – human error. Phishing campaigns, weak passwords, or accidental data leaks can put even the most fortified network at risk.

Single sign-on (SSO) used to be enough. It’s not anymore.

In today’s era of technological innovation, devices, networks and data are interconnected in a vast digital ecosystem. What organizations build in this ecosystem can affect others in it — for better or worse. We are at an inflection point when it comes to systemic challenges to the resiliency of our digital ecosystem and public policy solutions needed to address them.