APIs will continue to drive business and accelerate digital transformation this year to the extent that nearly no other technology can; according to the 19th Developer Economics survey by Slashdata, almost 90% of all developers use APIs. This makes them a target for attackers who aren’t afraid to engage in any tactic, especially tried-and-true methods like parameter tampering attacks - malicious API attack traffic surged 117% from 2021 to 2022.
Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA).
Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners. This service opens doors to anyone with minimal computer skills to use and distribute pre-made malware. The data that is stolen is often sold to the highest bidder or left for the service subscribers. MaaS is an illegal version of Software as a Service (SaaS).
Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to complete a job. If you are using a robust tool, then you may not be taking full advantage of its capabilities. Many capabilities of a good tool can be broadened with the use of an Application Programming Interface (API)
Around 39 billion records were compromised between January and December of last year, according to Flashpoint’s 2022 A Year in Review report. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from network security practices. The former involves physical steps, software solutions and even educating your employees.
Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft... Cryptocurrency wallets.
Even those who consider themselves well educated about security threats - and do everything they have been taught to do - can still end up as a victim. The truth is that with enough time, resources, and skill, anything and anyone can be successfully attacked.
We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making headlines. So too are “social engineers,” individuals who use phone calls and other media to exploit human psychology and trick people into handing over access to the organization’s sensitive information.
Security threat actors are becoming smarter, and their attacks more devious. Staying ahead of cybercriminals and vulnerabilities is the only way to defeat the attackers at their own game. If you want to protect your organization from cyber threats, then you need to think like an attacker. Operational security, also known as OPSEC, is a discipline that considers the perspective of potential threat actors.
Deepfakes are forged images, audio, and videos that are created using Artificial Intelligence (AI), and Machine Learning technologies. According to the World Economic Forum (WEF), deepfake videos are increasing at an annual rate of 900%, and recent technological advances have made it easier to produce them. VMware states that two out of three defenders report that deepfakes were used as a part of an attack to influence operations, or to launch disinformation campaigns.
