On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack that exploits misconfiguration by developers, as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.

SHORT SUMMARY: STOCKHOLM, SWEDEN – In February 2021, Detectify co-founder and Crowdsource hacker Frans Rosén was looking for security bugs in Apple services. Noticing that many of Apple’s own apps store their data in public databases on Apple’s data storage framework CloudKit, Frans was curious to know if any specific apps’ data could be modified with access to the public CloudKit containers in which their data was stored. Long story short, they could.

The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Leen Neuman, a Front End Engineer at Torq, based in our Tel Aviv office.

Cybersecurity is a business issue, not just a technology issue, and it is no longer deemed as a luxurious investment but rather a necessary one. It’s been a long time coming, but companies are finally coming to terms with the seriousness of cyber threats. Cyber attacks are growing in complexity, and their unpredictable nature stimulated by the evolution of technology has prompted companies to significantly boost their cybersecurity budget.

Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of A new zero-day vulnerability (CVE-2021-40444) affecting multiple versions of Windows has recently been discovered and disclosed by Microsoft. According to Microsoft’s Security Update Guide, the MSHTML component can be exploited by an attacker through a custom ActiveX control, allowing remote code execution.

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and elders.

Today’s organizations utilize a multitude of solutions to create, share and manage their sensitive content. That business reality is exacerbated by additional cloud file storage solutions that result from acquisitions, competing employee preferences, or shadow IT initiatives. So, it’s no surprise IT teams struggle to manage and control document and file system sprawl.

According to a recent CNBC report, Google has seen a rise in posts flagged for racism or abuse on its message boards. This has caused the company to ask its employees to take a more active role in moderating internal message boards. That’s one way to handle content moderation. But, it also takes an employee’s time and attention away from higher-value tasks. Many companies address instances of internal harassment through training and stronger HR policies.

To better understand your security posture, your security team needs visibility into your environment and infrastructure. But to achieve more granular visibility, they also need an effective and efficient way to collect data from company endpoints. Deploying an agent provides your security team with an efficient way to collect endpoint data in a scalable manner.

In the latest instalment of our interviews speaking to leaders throughout the world of tech, we’ve welcomed Lia Edwards. Lia leads the consultancy side of Threat Protect’s service offering having operated as CIO for several multinational corporations, including Fresnel before co-founding Threat Protect, where she provides consultancy and support on compliance and audit projects, working with clients such as KPMG among others.