Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Lazarus Group targets a software vendor, a link shortening service abuses the.US top-level domain, and hackers target crypto experts with KANDYKORN malware.

In this blog post, we will highlight Snyk’s view on the new vulnerability scoring framework, CVSS 4.0, which was released on November 1, 2023.

ServiceNow users can eliminate secrets sprawl in their organization by dynamically retrieving credentials from their Keeper Vault via a seamless integration with Keeper Secrets Manager. ServiceNow is a cloud-based platform that provides workflow automation, service management and business-process automation solutions to enterprises. ServiceNow is one of the most popular and widely deployed IT Service Management (ITSM) solutions available today.

In an era where technology advances at breakneck speed, the corporate world finds itself facing an evolving and insidious threat: deepfakes. These synthetic media creations, powered by artificial intelligence (AI) algorithms, can convincingly manipulate audio, video, and even text - posing significant risks to businesses, their reputation, and their security. To safeguard against this emerging menace, a forensic approach is essential.

For many cybersecurity leaders, the most intimidating threat they encounter isn’t an adversary — it’s the daunting prospect of trying to win over key business stakeholders and obtain vital budget.

A federated identity provider is an outside service provider that has been entrusted by an organization as an authority regarding user authentication and identity management. In the context of a service that leverages single sign-on (SSO), when an individual user requests access to the service, the service contacts the identity provider (IdP) to validate the user’s identity.

A phishing campaign is exploiting a large number of.top domains, according to researchers from WhoisXML API. In an article for CircleID, the researchers analyzed a phishing operation first uncovered by security researcher Dancho Danchev. “Our DNS deep dive into the phishing campaign led to the discovery of 5,245 unreported potentially connected threat artifacts, a majority of which were.top domains,” the researchers write.

Operating system (OS) hardening, a facet of system hardening, involves the implementation of security measures of operating systems like Windows, Linux, or macOS (aka OS X) to bolster their defenses against cyberattacks. The primary aim is to fortify sensitive computing systems, thereby reducing their vulnerability to various security threats, including data breaches, unauthorized access, system intrusions, and malware in accordance with best security practices.

Since Hamas’s attack on Israel last month, SecurityScorecard’s SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has paid close attention to hacktivist activity provoked by the conflict, with particular focus on the international scope.

A recent wave of advanced persistent threat (APT) attacks is spreading throughout the Asia-Pacific (APAC) region, and these have been attributed to a newly identified group known as Dark Pink (also referred to as the Saaiwc Group). While evidence suggests that Dark Pink commenced its operations as early as mid-2021, the group’s activities escalated notably in the latter part of 2022.