The notion that the time we are living in now is “unprecedented” is a common one, but historians and philosophers alike will happily note that things are rarely so different that we can’t learn a lot from the past. Despite IT often being dominated by forward-thinking individuals developing novel and innovative new designs, a lot of the problems and potential solutions for IT security are ones that have stood the test of time.

Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users. Let us start by exploring what Apple notarization is. We will then discuss some recent examples of Apple-notarized malware and some prevention techniques.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore how credential stuffing attacks are evolving and why they pose a greater threat than meets the eye. Credential stuffing is perhaps the simplest form of cyberattack, but it continues to make headlines despite its lack of sophistication. It has become the attack method of choice for cybercriminals primarily because of its high success rate and ROI.

At Bulletproof, we know that different people learn in different ways. So when a healthcare provider came to us needing an innovative, engaging way of delivering security awareness training, we stood ready to deliver. The healthcare provider in question was St Andrews Healthcare – providers of specialist care for people with challenging mental health needs. Being a company that works with vulnerable individuals, staff awareness of cyber security is essential.

Rickard Carlsson, CEO of Detectify, recently joined as a guest speaker on the Application Security Weekly Podcast hosted by Mike Shema, Matt Alderman, and John Kisella.They discuss how Detectify’s solution is a game changer by combining the speed of automation and hacker expertise, why you should trust developers with security, and how the modern digital landscape requires even devs to look at the asset inventory. We’ve highlighted some interesting points in the interview.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I have a few IoT related articles this week. Let’s start with a really disturbing swatting incident originating from a breach of a Ring door bell.

2020, as a year, has been anything but predictable, but we’re proud to say we got even a few things right. Here’s a look back at some pretty big trends, a couple of things that sort of happened, and at least one big miss.

Cyber attackers are continuously cultivating their methods to evade detection. Now, they can cloak a seemingly innocuous webpage with an invisible layer containing malicious links. This method of attack, known as clickjacking, could cause you to activate your webcam or transfer money from your bank account. In this post, we outline the different types of clickjacking attacks and teach you how to best defend yourself against this application security threat.