In this episode of the Trust Issues podcast, Debashis Singh and host David Puner explore the intricate world of digital transformation and identity security. Debashis, the Global CIO at Persistent Systems, shares his frontline insights on the singular challenges and strategies organizations face on their digital transformation journeys.

Securing your API ecosystem is increasingly complex, leaving organizations unsure where to begin. Gartner's 2024 Market Guide for API Protection offers clear guidance: Understanding your API attack surface and prioritizing your security efforts is crucial. Once you have visibility into your API landscape, you can implement appropriate security measures to protect your APIs from abuse and access violations.

Attackers and bot authors are continually evolving their methods, shifting their focus beyond just websites. With websites often having a reasonable level of protection, malicious actors are increasingly targeting less-protected areas, namely APIs, with their bots. This blog post delves into the evolving threat landscape. We’ll focus on how attackers exploit APIs and IoT devices to launch attacks like credential stuffing, using streaming services as a prime example.

As outlined in a previous post, OpenTelemetry and Splunk Observability Cloud can provide great visibility when security teams investigate activity in modern environments. In this post, we look at another aspect of this visibility: how you can use traces to see directly into the workings of an application to find a potential threat. Let’s imagine we’re the security analyst, and a message comes across from the Security Operations Center (SOC).

The National Institute of Standards and Technology (NIST) helps organizations implement best practices across their operations, including cybersecurity. In particular, NIST password guidelines outlines are considered the gold standard for solid password creation and management policies.

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is currently targeting users in Canada and Europe, but may expand to other regions. “The naming used for the dropper and the payloads clearly shows that the intended victims of the campaign are hospitality workers and potentially B2C business employees in general,” ThreatFabric says.

Whether you've experienced a security breach, are setting up new devices, or simply enhancing your current security practices, this guide provides a step-by-step walkthrough to help you get back online securely. We've got you covered, from setting up your phone and laptop to tweaking essential security settings and securing your apps.

The pressure on security teams has never been greater. With an ever-evolving threat landscape, resource constraints, and now the rapid adoption of artificial intelligence (AI) technologies, Chief Information Security Officers (CISOs) are facing unprecedented challenges. This was one of the clear takeaways from our recent report CISO perspectives: separating the reality of AI from the hype, in which 53 CISOs shared their opinions and experiences of AI’s impact on their security operations.

Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters. The phishing emails inform the user that their Amazon account has been suspended, instructing them to click on a link in order to update their information and reactivate their account. The phishing page is crafted with Google Drawings, which makes it more likely to fool humans while evading detection by security technologies.

For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award! This recognition is a testament to our unwavering commitment to corporate social responsibility (CSR) and the incredible efforts of our team. What makes this recognition so special is that it celebrates companies that go above and beyond in their CSR programs. At KnowBe4, we've always believed that our responsibility extends far beyond our products and services.