Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I think the moral of this story is, if you receive an unexpected alert from service you’ve had a long time and wasn’t informed this was a new feature; treat with caution.

There are numerous ways for people to pay for products, from traditional methods such as cash or credit cards to gift cards and cryptocurrencies. Interestingly, hackers have found ways to access and misuse each of these methods. Gift cards are a wholesome idea—there’s nothing better than receiving one from your favorite store. However, even gift cards aren’t completely safe. This doesn’t mean you should ignore a gift card you received as a present.

Over the past twenty years, I have navigated a unique journey through the cybersecurity landscape. My path has taken me from the realms of hacking and academia into the heart of threat intelligence (TI), culminating in my current role. Since I joined Cato in 2021, I’ve been leading security strategy and am proud to share the culmination of Cato’s research efforts in Cyber Threat Research Lab (Cato CTRL), our cyber threat research team.

The average cost of a cyberattack in the United States is 9.5 million. With over 60% of businesses going bankrupt after experiencing a severe data breach, robust security measures to safeguard organizations’ digital assets and operations are urgently needed. A powerful tool gaining significant traction in addressing these challenges is Security Information and Event Management (SIEM).

Hackers love to trick employees into wiring them money using emails that look legitimate. Here's what you need to know about business email compromise scams.

A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations.

Companies must prioritise a comprehensive and proactive approach to network security. Among the most effective strategies to ensure robust defence mechanisms is rigorous penetration testing. By adopting an “assumed breach” mentality, organisations can better prepare for potential attacks, ensuring they are not merely reacting to threats but actively preventing them.

Read also: Samourai Wallet founders charged with money laundering, German police shut down a DDoS-for-hire service, and more.

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.

PCI DSS version 4.0 recently took effect on March 31, 2024, and includes no less than 63 new requirements. This is the first update of the information security standard designed to defend against payment and credit card fraud since the release of PCI DSS v3.2 eight years ago.