Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A password policy is a set of rules that are usually a part of an organizations security regulations to improve computer security. These policies can be formal regulations or part of security awareness training programs that outline requirements such as minimum length, complexity and unique characters. A password must comply with these password strength rules to be set for an account.

Two vulnerabilities—stored XSS and insecure file upload— have been detected in the Alpha 0.5 version of CervantesSec. This article will outline what CervantesSec does, the vulnerabilities found, and its current status.

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware. Security researchers at Ahnlab have discovered a new phishing campaign that leverages a unique user interaction. Normally, phishing campaigns simply need users to open an HTML attachment.

As social media becomes more intertwined with our daily routines, cybercriminals are using it to trick people with fake job offers. What are these social-media recruitment scams, and how can you spot the red flags? With unemployment surging in many countries around the world, in particular countries like South Africa, which is currently at the top of the highest unemployment list in the world at over 32%, it’s no wonder that scams targeting job seekers are becoming more common.

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months.

A newly identified ransomware group, "Volcano Demon," has emerged, targeting executives directly with threatening phone calls instead of the typical data leak sites. Over the past two weeks, this group has carried out several attacks, deploying a unique ransomware variant known as “LukaLocker,” according to a report from Halcyon. LukaLocker Ransomware Attack Overview Volcano Demon’s ransomware, LukaLocker, encrypts files with a.nba extension.

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has issued a temporary ban on Meta from processing personal data of users to train its artificial intelligence (AI) algorithms. This decision stems from concerns over inadequate legal justification, lack of transparency, and potential risks to privacy rights, particularly for children and adolescents.

Twilio, the cloud communications provider, has disclosed a security breach affecting its Authy app, exposing users' phone numbers due to an exploit in an unauthenticated endpoint. Understanding the Authy App Breach Twilio confirmed unauthorized access to an endpoint within Authy, leading to the exposure of data linked to Authy accounts, specifically users' cell phone numbers.

Cybersecurity is the most crucial curve in today’s rapidly evolving digital landscape, and all organizations of any size need to be at the forefront of it. With AI becoming mainstream, new emerging trends shape the cybersecurity industry daily.

A large solutions and services company facing strict compliance regulations and enforcements needed a powerful, scalable enterprise data protection solution for their data being migrated over to S3, Athena, Amazon Redshift, and Glue environments. The sensitive data included HR, Financial and customer information. Using Protegrity’s field-level data protection, the company overcame this challenge, significantly improving their processes.