Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stopping API attacks with Salt Security and AWS WAF

May 18, 2023 By Salt Security In Salt Security
Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.
View Video
knowbe4

Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks

May 18, 2023 By Stu Sjouwerman In KnowBe4

A new report covering 13 global markets highlights phishing prevalence and its role in cyber attacks when compared to other types of attacks. It’s difficult for me not to stand on my “phishing is a problem” soapbox when there exists stories and reports demonstrating that phishing continues to dominate as a security problem that isn’t being properly addressed.

Read Post
knowbe4

New "Greatness" Phishing-as-a-Service Tool Aids in Attacks Against Microsoft 365 Customers

May 18, 2023 By Stu Sjouwerman In KnowBe4

This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well. Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

Read Post
Arctic Wolf

Phishing Threat From New .zip Top-Level Domain

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLD’s, one that stands out as a potential security risk is.zip. The.zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of.zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with.zip extensions.
Read Post
Arctic Wolf

Four Critical RCE Vulnerabilities in Cisco Small Business Series Switches

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches. Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities, however, they have not identified a publicly available PoC exploit.
Read Post
upguard

The Impact of Cybercrime on the Economy

May 18, 2023 By Kyle Chin In UpGuard
IBM’s former executive chairman and CEO, Ginni Rometty — who created a 6000-strong Security Business Unit at IBM to counter cybercrime in 2015 — described data as a game-changing source of competitive advantage for the 21st century. Rometty noted that cybercrime is and should be the biggest threat to every industry and organization.
Read Post
mend

What You Should Know About Open Source License Compliance for M&A Activity

May 18, 2023 By Sam Quakenbush In Mend

Companies are increasingly concerned about the security of applications built on open source components, especially when they’re involved in mergers and acquisitions. Just like copyright for works of art, each piece of open source software has a license that states legally binding conditions for its use.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.