Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recent API breaches drive home the urgency of robust security. In the T-Mobile data breach, for example, the attackers exploited vulnerabilities in an API to compromise sensitive customer data. This incident exposed millions of users to potential identity theft and underscored the devastating impact of API security lapses. Infiltrating through the API, the attackers gained unauthorized access to customer records, emphasizing the need for comprehensive protection measures.

AutoZone is a vehicle parts replacement provider and servicer. Hosting over 5,300 stores across North America alone, AutoZone is a recognizably local option for car owners stateside. AutoZone’s many locations require seamless system responses; they ensure efficient service by using applicable third-party services.

In 2022, more than 25,000 new CVEs were discovered and added to the NIST National Vulnerability Database. In just the first ten months of 2023, another 23,500 CVEs were identified and added to the NIST NVD. That’s more than 48,000 new vulnerabilities documented in less than 2 years! With so many new CVEs being identified all the time, vulnerability management can seem like an insurmountable challenge. Despite the staggering numbers, there’s good news.

Cybercriminals and threat actors use multiple vectors to infiltrate your IT network. They employ a series of coordinated steps as they… Impactful cyberattacks today are no longer executed as a simple virus with self-mutation capabilities, especially when many organizations rely on AI-enabled threat detection capabilities. They’re a lot more sophisticated.

In organizational risk management, Risk Tolerance and Risk Appetite are two fundamental concepts. These concepts are applied in areas such as business investing, decision making, cybersecurity risk management, and overall finance. While these concepts complement each other, they do have different meanings. A simple distinction is this: And there’s a bit more to it.

One of the most notable changes in cybercrime since the beginning of the 21st century has been the maturation of the illegal industry from individual hackers to full-on profitable businesses. E-Root, a global illegal marketplace, was taken down by law enforcement in 2020 but recently made the news as its admin faces 20 years in prison for selling stolen Remote Desktop Protocol (RDP) and Secure Shell (SSH) accounts.

Code doesn’t write itself and software doesn’t secure itself, as much as the race is on to make that happen. At the beginning and end of everything in software is people and, importantly, people interacting with each other. Having great tools doesn’t matter if no one uses them, and having great policies doesn’t matter if no one enforces them.

It’s always great news when we hear about a customer’s delight when using Aikido Security. But, we don’t want to keep all the good stuff to ourselves! Let’s focus on Loctax, the first-ever collaborative tax governance platform for global in-house tax teams. Loctax delivers its tax services to companies such as Wise, PedidosYa, Iba, Luxottica, and Trainline.

This spring, Australian authorities were able to arrest a cybercrime syndicate that had conducted BEC attacks on at least 15 individuals and organizations with stolen profits totaling $1.7 million (USD). If those numbers seem shocking, they’re part of a growing upward trend of BEC attacks that shows no sign of slowing down.

If the holiday classic “How the Grinch Stole Christmas” was remade in 2023, the mean green guy might be played by an Internet bot. Sure, these bots may not come down your chimney and steal a tree or holiday dinner, but threat actors have designed them to help ruin retailer and consumer holiday shopping experiences. Trustwave SpiderLabs exposed how the two primary bot variants, Grinchbots and Freebie Bots, operate in the team's recent report.