Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! We’ve been talking about Trello recently and look what pops up… Do what you need to folks.

One famous case of a major telecom player involved 10 million customer accounts being breached, and days later, an extortion demand for $1 million pounds cash was also made. The weak link? A forgotten ‘Zombie API.’

Updated on 07/18/2024 Static Application Security Testing (SAST) has been a central part of application security efforts for more than 15 years. According to the Crowdstrike 2024 State of Application Security Report, eight out of the top 10 data breaches of 2023 were related to application attack surfaces, so it’s safe to say that SAST will be in use for the foreseeable future.

Cyber threats are increasing and, unfortunately, local and state government entities have become top targets. In 2023, the FBI reported that government entities were the third most-targeted sector by ransomware, and Arctic Wolf’s own research saw the average ransom for government organizations top $1 million USD. And that’s just one kind of cyber attack.

In a concerning trend observed recently, threat actors are increasingly leveraging encoded URLs to bypass secure email gateways (SEGs), posing a significant challenge to email security defenses. According to recent findings by Cofense, there has been a notable uptick in attacks where threat actors manipulate SEGs to encode or rewrite malicious URLs embedded in emails. This tactic exploits vulnerabilities in SEG technologies, allowing malicious links to slip through undetected to unsuspecting recipients.

Today, personal data protection is very important as the amount of information shared by internet users keeps increasing daily; there is also a dire need to secure users' privacy. Hence, the importance of Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA).

Receiving a One-Time Password (OTP) code that you didn’t request over text or email could be a sign that someone is trying to log in to one of your online accounts to gain access to your private information. An OTP code is a numeric code used as an additional form of verification to authenticate users before they can log in to their accounts. As the name suggests, this code can only be used once.

When you invest in a password manager, you should follow some best practices when setting it up to ensure your information stays secure. Some of the best practices when using a password manager include creating a strong master password, enabling MFA, changing weak passwords, auditing your passwords and setting a short inactivity logout timer. Continue reading to learn more about the best practices when you use a password manager like Keeper.

Read also: Global law enforcement op strikes West African cybercrime, the Astrostress operator gets a prison sentence, and more.