Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybercriminals are sneaky. They know that the weakest link in an organization’s cyber defenses is its supply chain. In fact, supply chain attacks are now the avenue of choice for hackers. Consider the facts.

Your best mobile apps might turn into the worst ones if you neglect the security domain during the development of your app because the vulnerabilities that creep in make the apps more prone to attacks. Cybersecurity Ventures predicts that if cybercrime were an independent country, it would become the world's third-largest economy by 2025.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The California Privacy Rights Act (CPRA) was passed in November 2020. It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns.

Software-as-a-service (SaaS) applications have become an integral part of modern enterprise operations. According to a recent report by Gartner, the worldwide public cloud services market is projected to grow to $591.8 billion in 2023, up 20.7% from $490.3 billion in 2022, with SaaS being the largest market segment representing about 33% of the market.

CrossLock is a ransomware group that emerged in April 2023, targeting a large digital certifier company in Brazil. This ransomware was written in Go, which has also been adopted by other ransomware groups, including Hive, due to the cross-platform capabilities offered by the language. CrossLock operates in the double-extortion scheme, by threatening to leak stolen data on a website hosted on the deep web if the ransom isn’t paid by the victim.

If you have opened this blog post, you are surely seeking an answer to what is Code Signing. Code Signing Certificates are digital certificates used to authenticate the identity and company of the software publisher; to confirm the integrity of the software. Public Key Infrastructure (PKI) technology is used to secure the digital distribution of software. PKI also safeguards other executable files by signing them with a digital signature.

There are about 90 DNS resource record types (RR) of which many of them are obsolete today. Of the RR’s used, DNS TXT record offers the most flexibility in content by allowing user defined text. The TXT record initially designed to hold descriptive text (RFC 1035) is widely used for email verification, spam prevention and domain ownership verification.

Think of all the different points within your organization that provide access to information. That could be your website, the mobile version of your application, your Slack instance, and so much more. It’s a list that gets very long, very quickly. All of those endpoints, both physical and digital, make up the attack surface of your organization.

The phone rings, displaying "Potential Spam," warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other callers, like the once-a-year important call from our insurance or investment rep, we'll at least add their names so we can see when they ring. And, of course, there are the numbers that we have blocked.

Excessive data exposure occurs when APIs reveal more fields, data, and information than the client requires through the API response. Excessive data exposure flaws expose all object properties to API calls rather than what the user needs to act on without considering the object’s sensitivity level. This vulnerability exposes you to data leaks, man-in-the-middle attacks, and other cyber threats. That is why excessive data exposure in APIs is listed as #3 in the OWASP API Security Top 10 2019.