Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Yep, it’s that time of year again. The moment when that dreaded questionnaire from your Cyber Insurer lands on your desk like a ton of digital bricks. Suddenly, panic mode kicks in, and you’re transported back to those school days, facing an exam that seemed more daunting than Mount Everest. Remember how you used to play the skipping game with exam questions, hoping for a miracle to help you conjure up some brilliant answers? Yeah, it’s like déjà vu all over again.

This is the third in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and chocolate sit alone on their own separate shelves.

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping.

In today’s rapidly evolving digital landscape, the importance of low code security cannot be overstated. As organizations increasingly rely on low code development platforms to accelerate application and software development, it is crucial to understand the significance of robust security measures.

Developing applications using low code platforms has gained popularity in recent years due to its ability to accelerate the software development process. However, with increased speed and efficiency comes the need for robust security measures to protect sensitive data and ensure a safe user experience. In this article, we will explore the best practices and strategies for enhancing low code application security.

Read also: Australian hacker Abdilo extradited to the US, carders arrested in Russia, and more.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! You take a long bank holiday weekend and the (Linux) world falls apart. Ouch.

Managed service providers (MSPs) are an attractive target for cybercriminals because of the large amount of sensitive data they handle and their access to their customers' critical infrastructure. A recent survey revealed that 78% of MSPs consider cybersecurity to be their biggest challenge, which has risen considerably from 67% last year. This trend highlights how important it is for MSPs to invest in innovative cybersecurity solutions and train skilled personnel to protect against new threats.

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more. A recent post on Twitter/X from entrepreneur Parth Patel outlines his experience when his phone became inundated with requests to reset his Apple ID password – to the tune of over 100.