Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mobile devices have made it possible for employees to work and communicate from just about anywhere. But that convenience comes at a price. The rise of mobile devices and the rise of mobile security threats have gone hand-in-hand. Mobile devices like phones, tablets, and ChromeOS devices present an incredible vector for phishing, social engineering, and malware distribution—and threat actors are keenly aware of that fact.

Responding rapidly to cyber threats is a make-or-break capability in today’s high-stakes security environment. A missed alert can quickly escalate a minor incident into a major crisis, jeopardizing your organization’s critical assets and hard-earned reputation. A recent IBM study revealed that companies took an average of 237 days to identify a data breach in 2021 — an inexcusable delay that could invite catastrophic consequences. (Source: IBM Cost of a Data Breach Report 2022)

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents. As we have done in previous years, the State of API Security Report is assembled from survey responses and empirical data from Salt customers. This report includes the special addition of the “in the wild” API vulnerability research, much like last year’s report did, to give deeper insight into API concerns in real-world situations.

October is rapidly approaching, and that means new cybersecurity regulations known as NIS2 are set to be enacted by European Union (EU) member states. States are required to publish their local version of the NIS2 Directive into law by the 17th of October. Whilst many countries are well on track, however, some have already acknowledged they will not meet the deadline. This delay leaves organisations somewhat in the dark as to what they will need to comply with and by when.

Knowledge is power. Especially in the hands of your competitors. Information about your company, its products and services, finances, sales, and marketing strategy is a weapon in the ruthless world of espionage in business. That’s why it’s important to ensure that your organization’s data is well-protected. In this article, we reveal the meaning of corporate espionage and explain how to prevent industrial espionage.

At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.

You might already know a fair bit about r2frida by now - its definition, usage, features, installation, and examples - something we discussed in the previous blog of this series. In case you missed out on it, you can find it here. In this blog, we will explore how r2frida can be instrumental in manipulating an iOS app's runtime.

Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails. This practice not only helps in identifying and mitigating potential threats, but also plays a significant role in educating and creating awareness among employees. The importance of reporting suspected phishing emails cannot be overstated, as it acts as a last line of defense against cyber threats.

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware. “Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware,” the researchers state.