Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Between the time it takes to stand up a new security tool in an IT environment, the resources needed to continually train personnel to effectively use each tool, and the raw cost of the solution itself, enterprise security teams invest quite a lot when introducing new security controls. Solutions that have been in place for a long time have likely grown with the team’s needs, and are well trusted within the organization.

At Cloudflare, we're constantly vigilant when it comes to identifying vulnerabilities that could potentially affect the Internet ecosystem. Recently, on September 12, 2023, Google announced a security issue in Google Chrome, titled "Heap buffer overflow in WebP in Google Chrome," which caught our attention. Initially, it seemed like just another bug in the popular web browser. However, what we discovered was far more significant and had implications that extended well beyond Chrome.

Over the last few years, APIs have rapidly become a core strategic element for businesses that want to scale and succeed within their industries. In fact, according to recent research, 97% of enterprise leaders believe that successfully executing an API strategy is essential to ensuring their organization’s growth and revenue.

Read also: Trio convicted for $2.5M cyber scam, Indian law enforcement busts multimillion-dollar investment fraud ring, and more.

The rapid growth we see ourselves in regarding technology has caused businesses to change to digital methods to secure data quickly. The time limitations businesses face to secure their data quickly and effectively may cause the security standards to drop, leaving companies wide open to cybercrime. Cybercrime remains a global problem in 2023, reflected in the rising costs of data breaches and increased attacks on businesses and people’s data.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A bit of a nightmare has surfaced…

In 2019, I founded and served as the CEO of a cloud security company (C3M), a journey that eventually led to our acquisition by CyberArk in 2022. Back then, the cloud security scene was budding, filled with migration buzz and a shifting urgency around securing the cloud. Acronyms like CSPM (cloud security posture management) were emerging, and enterprise security leaders grappled with where to begin. Jump to 2023, and cloud security has transformed.

Splunk is proud to announce we’ve been granted four 2023 PeerSpot Tech Leader Awards! This honor is extended to just the top three solutions in four categories on the PeerSpot Buying Intelligence Platform. We’re particularly thrilled to be recognized by real users of Splunk Enterprise Security and Splunk SOAR that can speak to their features, functionality, and the business value they drive for their organizations.

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice. It does assume that the involved users know how to tell the difference between rogue and legitimate URL links. If you or someone you know does not know how to tell the difference between malicious and legitimate URL links, tell them to watch my one-hour webinar on the subject. We are going to recommend a slight update on the rule.

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial services, insurance, property management and real estate, and manufacturing.