Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A supply chain attack that targets customers of the 3CX Voice Over Internet Protocol (VoIP) desktop client has been discovered. Threat actors have created a digitally signed and malicious version of the software, which is being used to target both Windows and macOS users of the app. The threat actors are deploying second-stage payloads and are believed to be linked to a North Korean state-backed hacking group, , although this attribution has not been confirmed.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.” The nature of insider threats is fairly wide-ranging. Most of us in the security field will naturally think of insider threats in cybersecurity terms, but CISA’s definition includes things like espionage, terrorism, and workplace violence.

In recent years, companies have been looking for ways to streamline their HR processes and make them more efficient. In recent years it has become practically feasible for business users such as HR professionals to create their own solutions, due to the wave of citizen development which is exploding worldwide. Huge market players perceive this as a growth area and are heavily investing in providing solutions and platforms to enable business users to build what they need, when they need it.

In the ever-evolving world of software development, secure and efficient package management is crucial to maintaining code integrity and fostering collaboration. While JFrog Artifactory offers a powerful solution for repository management, integrating Bytesafe as an upstream source can further enhance security and collaboration capabilities.

Human error behind misconfigurations, a host of insecure remote access issues, exposed business credentials with reused passwords and unpatched vulnerabilities have all contributed to a significant increase in cloud security incidents. Many organizations don’t foresee the challenges of what it will take to protect their data and operations after a move to the cloud.

A major security incident in the crypto field occurred between March 17-18th. Due to a vulnerability that was not caught before the event, unknown crypto hackers were able to drain 1.6 million USD (around 59 BTC) from Bitcoin ATMs owned by General Bytes - the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer.

Postal Prescription Services is an Oregon-based mail-order medication business that sends medication to thousands of customers. It began associating with Kroger recently, and around the time of that merger, it suffered from a data leak. The grocery store chain Kroger is spread out over more than 2,800 separate locations, has over 465,000 employees, and serves millions of customers each year. As a result, many customers had some of their data exposed due to a mistake that was made.

In recent years, generative artificial intelligence (AI), especially Large Language Models (LLMs) like ChatGPT, has revolutionized the fields of AI and natural language processing. From automating customer support to creating realistic chatbots, we rely on AI much more than many of us probably realize. The AI hype train definitely reached full steam in the last several months, especially for cybersecurity use cases, with the release of tools such as.

Cybersecurity solutions have evolved from a basic investigation and discovery technology to behavioral analysis solutions that enable real-time detection and response. However, if they are to be truly effective, they must also protect against anomalous behavior that may seem harmless on its own, but after gaining a bigger picture by correlating and contextualizing detections, turns out to be an incident that needs to be responded to as soon as possible.

Read also: Australian police dismantles cyber crime syndicate, GhatGPT abused for phishing attacks, and more.