Hackers recently claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster. It appears that hackers used credentials obtained through malware to target Snowflake accounts without MFA enabled. While it's easy to blame Snowflake for not enforcing MFA, Snowflake has a solid track record and features to protect customer data. However, errors and oversight can happen in any organization.

The two new vulnerabilities that the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to its list of known exploited vulnerabilities (KEV) are both related to the privilege elevation of the Linux kernel.

Organisations require robust security measures that go beyond surface-level checks. Frankly, those days are gone now. White box penetration testing emerges as a powerful tool in this arsenal, offering a comprehensive security assessment by leveraging “insider” knowledge. Let’s delve into what white box penetration testing entails, its methodologies, and real-world examples illustrating its effectiveness.

As the fourth-largest economy worldwide, Japan stands as a pivotal center for various cutting-edge industries. This includes automotive, manufacturing, finance, and telecommunications, rendering its attack surface a prime target for cyber adversaries. Japan’s Western alliances and its territorial dispute with Russia, alongside support for Ukraine, heighten its cyber threat profile from state actors like China, Russia, and North Korea.

Fireblocks has expanded its exchange connectivity with new support for Coinbase International Exchange to provide perpetual futures and spot trading features for institutional and retail clients in eligible jurisdictions. Fireblocks customers can now connect to their Coinbase International Exchange account via the Fireblocks Network, and protect exchange operations – such as withdrawals and deposits – with Fireblocks’ governance and policy rules.

Exploring the intricate relationship between people and cybersecurity opens up a dynamic landscape where individuals' decisions, habits, and intentions significantly impact the safety and integrity of digital systems. Cybercriminals are savvy opportunists, and like pickpockets, they go where the crowds are. They scan the virtual world, identifying weaknesses in the popular sites and systems people use.

API penetration testing, or API pentesting, is a specialised form of security testing focused on identifying and addressing security vulnerabilities within an API (Application Programming Interface). APIs are the backbone of modern web applications, enabling communication between different software systems.

To bolster the security of AI workloads in the cloud, Sysdig has extended its recently launched AI Workload Security to AWS AI services, including Amazon Bedrock, Amazon SageMaker, and Amazon Q. This enhancement helps AWS AI service users secure AI workloads and keep pace with the speed of AI evolution.

Businesses increasingly migrate to cloud-based solutions for storage, applications, and critical functions. While the cloud offers scalability and agility, it also introduces new security challenges. Cloud penetration testing is a crucial defence mechanism for proactively identifying and addressing these vulnerabilities.

‍ ‍ ‍Private equity (PE) firms are becoming increasingly attractive targets for cybercriminals. Malicious actors are keen to capitalize on the ecosystem's access to an incredibly extensive and diverse array of sensitive data, particularly susceptible during and after M&As, as well as the notoriously low cybersecurity measures in place among the smaller businesses that some PE firms chose to hold.