Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In social engineering attacks like smishing and phishing, the mind is the real target. How often do we quickly glance at a text or email and click without a second thought about its origins? Scammers know this, so they prey on the urgency conveyed in the convincing messages sent to your valued customers and unprepared coworkers. Opportunistic scammers send 3.4 billion spam emails daily.

We're excited to share new updates and enhancements for September, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

Apono is proud to announce the successful completion of its Series A funding round, raising $15.5 million to further its mission of delivering AI-driven cloud access governance. This funding round, led by New Era Capital Partners with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, and existing investors, brings Apono’s total investment to $20.5 million.

CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in the SolarWinds Web Help Desk (WHD) software. If exploited, this Java deserialization remote code execution (RCE) vulnerability allows attackers remote unauthenticated access to create, read, update and delete data on specific WHD endpoints.

When it comes to security, organizations often consider themselves well-covered. But in today’s landscape, where cybersecurity threats evolve at breakneck speed, even the most well-prepared teams cannot afford to have testing gaps. The reality is that if your primary strategy for removing security testing gaps is tightening scanning policies or expanding penetration test scope, you are trying to patch a dam with bubble gum. Is your attack surface covered?

In today’s fast-paced digital landscape, IT departments face unprecedented challenges. From managing increasingly fragmented infrastructures to ensuring robust security, the demands on IT teams have never been higher. Secure Access Service Edge (SASE) represents a groundbreaking approach to addressing these challenges by converging networking and security into a unified, cloud-native platform. But what makes a true SASE platform so transformative?

XWorm is a relatively new versatile tool that was discovered in 2022. It enables attackers to carry out a variety of functions, which include accessing sensitive information, gaining remote access, and deploying additional malware. The multifaceted nature of XWorm is appealing to threat actors, as evidenced by its alleged use earlier this year by threat actors such as NullBulge and TA558. Through Netskope Threat Labs hunting efforts, we uncovered XWorm’s latest version in the wild.