Here at Netskope we are celebrating our 10th anniversary this month, but while our story over that decade is very cool, any blog about it will be of limited interest outside of our own employee base. I wanted to add a different lens to our internal observations and so I started to refresh my memory with research into exactly what went on over those years while we were beavering away to build the best SASE platform in the world.

Rest-client is one of the most popular RubyGems, with a simple DSL that allows sending HTTP requests. Lightweight, versatile, developed by famous Rubyists…with all these attributes, this gem is a very shiny and attractive target for malicious actors. All they need is a good method of attack. An attempt made today tried to leverage typosquatting by adding malicious code to rest_client, but it didn’t quite ace the assignment.

SocGholish, also known as FakeUpdate, is a JavaScript framework leveraged in social engineering drive by compromises that has been a thorn in cybersecurity professionals’ and organizations’ sides for at least 5 years now. Upon visiting a compromised website, users are redirected to a page for a browser update and a zip archive file containing a malicious JavaScript file is downloaded and unfortunately often opened and executed by the fooled end user.

Europe’s new Digital Identity wallet offers inhabitants and companies a digital ID they can rely on, it acts as a tool which not only verifies and stores ID data but also enhances the application of the data for ease of use. The European Digital Identity will be held in a mobile phone wallet. This would make it easier to communicate important information in a timely and user-friendly manner at the discretion of the individual.

Meet Guacamaya – a hacktivist group advocating for the indigenous people of Central America