The Sysdig Threat Research Team (TRT) recently discovered a global operation, EMERALDWHALE, targeting exposed Git configurations resulting in more than 15,000 cloud service credentials stolen. This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.

Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In advanced notification emails, Fortinet warned its users of the vulnerability and mitigation steps. The vulnerability has a critical severity rating of 9.8 out of 10.

In our recent webinar, "Myth-Busting Cyberstalking," hosted by The Cyber Helpline and Paladin, we tackled common misconceptions about stalking. Misunderstandings around stalking can put victims at risk, so our goal was to debunk harmful myths and provide guidance on handling such situations safely. Here’s a rundown of the eight myths we covered, along with insights from our panel of experts.

The Sarbanes-Oxley Act (SOX) is a United States federal law that aims to enhance corporate transparency and accountability. Signed into law on July 30th, 2002, the Act came in response to a slew of major corporate accounting scandals, including those involving Enron and WorldCom, that came to light in the early 2000s. Its primary aim is to enhance corporate transparency and accountability, ensuring companies adhere to strict financial reporting standards and maintain effective internal controls.

Compromised secrets, such as leaked API and SSH keys, credentials, and session tokens, are the leading cause of cloud security incidents. While attackers can directly compromise secrets through methods like phishing, they can also gain control by finding and taking advantage of simple misconfigurations in your environment.

We’re excited to announce our new partnership with Backblaze—bringing their Cloud Storage to businesses in North America and supporting Canadian companies that require data to remain within national borders.

When utilizing a new tool or solution to manage and monitor your data, it’s paramount that you can guarantee that the service you’re using is secure and that it protects your valuable data. With OpenSearch, you can rest assured that you’re using one of the most secure and robust solutions available. The solution emerged for numerous reasons, with one of the main factors being discontent among users surrounding privacy.

As organizations adopt more modern application strategies, APIs are increasingly important for enabling seamless communication and data exchange. However, this interconnectedness also introduces more significant security risks. APIs are gateways to sensitive information, making them prime targets for attackers. This can result in data breaches, business disruptions, and reputational damage.

Organizations spend 32.4% of security budgets on code security, yet only 44% of developers follow secrets management best practices. Get the full insights in our 2024 report.

Imagine scanning a QR code to pay for parking or to buy a new jacket, only to realize you handed over credentials or card data to fraudsters. Yes – phishing is now also an offline phenomena, expanding its reach into real-world spaces via QR codes. Known as ‘QRishing’, this increasingly common attack exploits growing reliance on QR codes in both online and everyday physical environments, exploiting users’ lack of vigilance.