Protecting web sites is more important than ever in today's quickly changing digital world. As the number of cyberattacks keeps going up, pentesting to a domain online site is an important way to find and fix holes that attackers could use easily. Pentesting, also called penetration testing, is the process of simulating cyberattacks on a web site to find security holes. This lets companies fix these holes before they can be used in real attacks.

Threat actor uses the Gophish toolkit in phishing campaigns, attackers bypass secure email gateways and antivirus scanners, and Bumblebee malware returns.

The Sysdig Threat Research Team (TRT) recently discovered a global operation, EMERALDWHALE, targeting exposed Git configurations resulting in more than 15,000 cloud service credentials stolen. This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.

Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In advanced notification emails, Fortinet warned its users of the vulnerability and mitigation steps. The vulnerability has a critical severity rating of 9.8 out of 10.

In our recent webinar, "Myth-Busting Cyberstalking," hosted by The Cyber Helpline and Paladin, we tackled common misconceptions about stalking. Misunderstandings around stalking can put victims at risk, so our goal was to debunk harmful myths and provide guidance on handling such situations safely. Here’s a rundown of the eight myths we covered, along with insights from our panel of experts.

The Sarbanes-Oxley Act (SOX) is a United States federal law that aims to enhance corporate transparency and accountability. Signed into law on July 30th, 2002, the Act came in response to a slew of major corporate accounting scandals, including those involving Enron and WorldCom, that came to light in the early 2000s. Its primary aim is to enhance corporate transparency and accountability, ensuring companies adhere to strict financial reporting standards and maintain effective internal controls.

Compromised secrets, such as leaked API and SSH keys, credentials, and session tokens, are the leading cause of cloud security incidents. While attackers can directly compromise secrets through methods like phishing, they can also gain control by finding and taking advantage of simple misconfigurations in your environment.

We’re excited to announce our new partnership with Backblaze—bringing their Cloud Storage to businesses in North America and supporting Canadian companies that require data to remain within national borders.

When utilizing a new tool or solution to manage and monitor your data, it’s paramount that you can guarantee that the service you’re using is secure and that it protects your valuable data. With OpenSearch, you can rest assured that you’re using one of the most secure and robust solutions available. The solution emerged for numerous reasons, with one of the main factors being discontent among users surrounding privacy.

As organizations adopt more modern application strategies, APIs are increasingly important for enabling seamless communication and data exchange. However, this interconnectedness also introduces more significant security risks. APIs are gateways to sensitive information, making them prime targets for attackers. This can result in data breaches, business disruptions, and reputational damage.