A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. We do our best to avoid falling for a scammer, but the lure of yummy comfort goodies especially with the pandemic’s toll on our lives, may be just the one step too far.

“TroubleGrabber” is a new credential stealer that is being spread through Discord attachments and uses Discord messages to communicate stolen credentials back to the attacker. While it bears some functional similarity to AnarchyGrabber, it is implemented differently and does not appear to be linked to the same group. TroubleGrabber is written by an individual named “Itroublve” and is currently used by multiple threat actors to target victims on Discord.

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts.

The number of successful ransomware attacks on the education sector increased 388% in the third quarter of 2020. According to Emsisoft, the education sector reported 31 ransomware incidents in Q3 2020. That’s a 388% increase over the 8 incidents that occurred in the previous quarter. Nine of the 31 ransomware attacks disclosed in the third quarter of the year involved data exfiltration, a tactic which has become common with ransomware gangs over the past year.

Securing your cloud environment effectively is no easy task. What cloud security issues should you be prepared for? What are the most serious security risks? Which best practices are most effective at keeping your data safe? In this article, we will explore the two primary cloud models and the principal security concerns you will face when using each model.

Scams occurring during online purchases have spiked since the start of the pandemic, as reported in new research conducted by the Better Business Bureau (BBB). Around 80.5% of consumers who reported this type of scam this year lost money, compared to 71.2% in 2015. Online purchasers scams have been among the three riskiest scams for the past three years but the situation has become significantly more severe in 2020.

Bulletproof has released its Annual Cyber Security Industry Report 2021, where we look at the security challenges facing businesses in 2021 and discover what organisations can do to stay ahead of the hackers. In this blog we highlight 4 key findings from the report and explore what they mean for business’ security in 2021 and beyond.

The ultimate objective of any software developer is to create performant, secure, and usable applications. Realizing this goal requires every application to be tested thoroughly. Testing is therefore a critical aspect of creating robust applications. It’s what ensures the developed software meets the desired quality expectations. This blog examines one of the vital testing methods: white box penetration testing.

At the convergence of digital transformation, an industry-wide focus on SASE, and the effects of the continuing COVID-19 pandemic, there are key forces that security practitioners need to be aware of and operate within. This is the second blog in a series of three detailing these forces and how security leaders and practitioners can adapt to them in a digitally transforming, SASE-enabled world. This blog covers the forces of Organizational Culture and Adversaries and Threats.