Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the fast-paced world of technology, where innovation drives success, organizations find themselves in a perpetual race to enhance their applications, captivate customers, and stay ahead of the competition. But as your organization launches its latest flagship CRM solution after months of meticulous planning, have you considered what happens beyond Day 0 or Day 1 of the rollout?

Our threat research team recently uncovered new npm packages that are used to download a new info-stealer variant that uses the popular Electron framework to disguise itself as a legitimate application. In this blog post, we’ll analyze the attack flow of this new info-stealer we detected and explain how it can stay undetected by abusing trusted development tools like Electron.

Domain Name System (DNS), informally referred to as the “phonebook of the internet,” is one of the mainstay protocols that makes the internet work by translating reader-friendly domain names into IP addresses and vice-versa.

An integrated physical and digital security access system provides campus law enforcement and security with a more holistic view of activities on campus. When access and identity are further integrated with video surveillance, intercoms, and visitor management, security is strengthened even more. The University of Washington and Michigan State University recently announced plans to expand campus physical and digital security systems.

Cyber threats are increasingly affecting universities and colleges in the USA. Institutions have experienced a surge in cyber attacks in recent years, including data breaches, ransomware attacks, phishing scams, and malware infections. One driving factor for this increase is the valuable data higher education institutions hold, including sensitive personal information of students, faculty members, and staff, as well as important research data and intellectual property.

CentOS 7 has been a popular choice for many businesses and developers due to its stability, robustness, and compatibility with enterprise-level applications. According to W3Techs, CentOS is used by 2.8% of all the websites whose operating system is known. However, as announced on the official CentOS blog, the end of life (EOL) for CentOS 7 is fast approaching. This means that after June 30, 2024, CentOS 7 will no longer receive official support, updates, or security patches.

The state of cybersecurity is in constant flux — meaning we must constantly iterate and revisit our systems to protect ourselves. With security logging and monitoring failures moving up to number 9 of the OWASP Top 10, organizations everywhere are revisiting their stance on network and application monitoring. This is great for getting a pulse check on security posture and is certainly key in any good strategy, but we might be forgetting something — IoT devices.

The Gartner 2021 Hype Cycle for Cloud reports 99% of breaches start with cloud misconfigurations. Thus, having a philosophy of protecting just traditional endpoints – servers, laptops, desktop PCs, and mobile devices – with EDR (Endpoint Detection and Response) software is not enough. Sysdig has teamed up with multiple security organizations in the cloud security ecosystem to offer comprehensive security solutions.