
Latest News

Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt Labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.

How Organizations Can Prevent Credential Theft

Credential theft is one of the most common methods used by cybercriminals to gain unauthorized access to an organization, according to Verizon’s 2023 Data Breach Investigations Report. Credential theft places organizations at a greater risk of data breaches, so steps must be taken to prevent it.

Cato CTRL: A New Vision in Extended Threat Intelligence Reporting

Over the past twenty years, I have navigated a unique journey through the cybersecurity landscape. My path has taken me from the realms of hacking and academia into the heart of threat intelligence (TI), culminating in my current role. Since I joined Cato in 2021, I’ve been leading security strategy and am proud to share the culmination of Cato’s research efforts in Cyber Threat Research Lab (Cato CTRL), our cyber threat research team.

The Argument for Enterprise-Wide Ad Blocking

The concept of enterprise-wide ad blocking always provokes a powerful response. Whenever I suggest, even casually, that the next step organizations should take to improve cybersecurity posture is implementing enterprise-wide ad blocking, I can hear the collective screams of sysadmins and help desk personnel everywhere — Websites could have compatibility issues! How will we manage it? Users won’t understand! It could be a help desk nightmare! And you know what? They are absolutely right.

Weekly Cyber Security News 25/04/2024

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I think the moral of this story is, if you receive an unexpected alert from a service you’ve had a long time and weren’t informed this was a new feature, treat it with caution.

SOCI Act: Navigating Cybersecurity Requirements Across 11 Key Industries

In the increasing digitisation of essential services, governments worldwide have been enacting legislation to ensure the protection of vital systems. Australia is like no other, and as we in cybersecurity are all aware, the Security of Critical Infrastructure Act 2018 (SOCI Act) stands as a crucial piece of legislation aimed at safeguarding our nation.

Identify, Respond, & Protect - Defending yourself from the newly disclosed Palo Alto PAN-OS CVE

On April 12th, Palo Alto disclosed a vulnerability with a maximum severity rating for the PAN-OS Global Protect Gateway. There was clear evidence that the vulnerability was being actively exploited as early as March 26th. When exploited, this vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto expected patches to be released for tested mitigations to block known attacks on April 14th.

New in Veracode Fix: Additional Language Support and Batch Fix

We’re excited to bring you two significant updates to Veracode Fix, our AI-powered security flaw remediation tool. Since we launched Fix nearly a year ago, two requests have dominated our customer feedback: We recently launched a new version of Veracode Scan for VS Code that included Fix (with more IDEs to follow), which answered some of those requests, and now we’re updating Fix to cover more languages and a new mode that will automatically apply the top-ranked fix.