Evasive Panda deploys new versions of Macma backdoor and Nightdoor, cybercriminals work independently after RaaS takedowns, and a new Linux Play variant targets VMware ESXi systems.

Application Programming Interfaces (APIs) are the connecting tissue that enables the communication between applications, internal and external, and facilitate data exchange on a massive scale. In a world where information is the crown jewel of an organization, APIs are driving the delivery of digital services to customers and partners. While their usage is already exploding, the growing popularity of cloud-native technologies and microservices has only accelerated API adoption.

The cybersecurity landscape is rapidly evolving, and nowhere is this more evident than in the Security Information and Event Management (SIEM) market. This period of transformation, marked by strategic mergers and high-stakes buyouts, signals not only a race for market dominance, but also the potential for profound changes in how cybersecurity solutions will operate in the future.

Welcome, fellow developers! In this blog post, we are going to delve deep into the world of application security, specifically focusing on a vulnerability that can deteriorate FastAPI security: Denial of service (DoS) caused by insecure regular expressions (regex).

Data privacy under GDPR is crucial in today's digital age. With increasing data breaches, understanding and protecting personal information is vital. The General Data Protection Regulation (GDPR) plays a significant role in safeguarding personal data and Personally Identifiable Information (PII). GDPR, implemented in 2018, sets strict guidelines on data protection for individuals within the EU.

Companies spend a huge amount of their budget trying to build, manage, and protect cloud environments. Since there is no industry standard for sharing data feeds between development and security, each team is on an island trying to figure out how to keep their side of the room clean. The most robust security incident response teams understand the incredible value of using observability telemetry for security workflows, but are unsure how to make it happen in practice.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

From day one, Vanta has helped security teams build and maintain a strong security posture to protect sensitive data and reduce business risk. Our industry-leading trust management platform provides automated, continuous compliance, ensuring that the necessary people, processes, and technology for strong security are in place and working effectively. ‍ With Vanta, customers like Unleash and Pigment are able to reduce costs and free up resources for strategic security initiatives.

Ransomware attacks continue to pose a growing threat to organizations as it has emerged as the number one threat, affecting 66% of organizations in 2023 and pulling over $1 billion from the victims. These attacks have increased in frequency and sophistication, resulting in significant financial loss, operation disruption, theft of sensitive data, and reduced productivity rates. Also, it damages the organization's reputation and results in the loss of customer trust and compliance violations.

Summer is here, bringing thoughts of the beach, travel, and relaxation. However, summer isn’t without its chores; gardens need work, and summer houses require maintenance. Sometimes these chores can be enjoyable and even therapeutic, but most importantly, they keep our projects in good condition, allowing us to unwind and enjoy the summer months.