Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In an increasingly digital world, cybersecurity has become a critical concern for companies. With the rise of sophisticated cyber threats, protecting critical infrastructure and ensuring the continuity of essential services has become a top priority. The EU’s Network and Information Security Directive (NIS2), which supersedes the previous directive from 2016, establishes a framework to enhance the security and resilience of network and information systems.

Cyber threats pose a significant risk to organizations due to today's increasingly interconnected digital landscape. To address these challenges and ensure the security and resilience of critical infrastructure and digital services, the European Union introduced the Directive (UE) 2022/2555, commonly known as NIS 2 - which was actually approved on the same day as DORA, both being critical in how the EU is leveraging regulatory compliance and technology to reduce cyber risk.

The Cybersecurity & Infrastructure Security Agency (CISA) has released its 2024-2026 Cybersecurity Strategic Plan, which the agency says will change the trajectory of our national cybersecurity risk by focusing not just on how to defend but developing metrics to measure progress.

In part one of this four-part series on card cracking fraud, we covered the basics of what carding is, how carders use bots to power their attacks, and defined the most important terms and phrases within the carding vocabulary in our Carder’s Dictionary. Click here if you missed it or need a recap. In part two, we’ll be talking more specifically about the carding landscape in Russia and on Russian-speaking forums and online communities.

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.

Financial services institutions (FSIs) have become an increasingly common target for malicious actors. According to Boston Consulting Group, FSIs are 300 times more likely to face cyber attacks than other sectors, and the 2022 VansonBourne report noted that 94% of the FSIs it surveyed experienced a cyber attack in the last 12 months.

IT environments have become increasingly complex in recent years. This can be attributed to factors such as distributed work environments applying hybrid work models, the increase in the number of devices, and the growing number of systems to be managed. This complexity makes it increasingly difficult to provide a good service to your customers effectively.

Customers of the bankrupt cryptocurrency exchange FTX are already receiving phishing emails following a breach of personal data held by several crypto companies, CoinDesk reports. The customer data was leaked after a T-Mobile employee fell for a SIM swapping attack and granted a threat actor access to an account belonging to an employee of financial advisory firm Kroll.

A recent survey by Lookout, Inc. warns for a specific attack vector as Labor Day approaches. The study shows that 85% of enterprise employees capable of remote work plan to do so on Friday, September 1, primarily using mobile devices. This creates an ideal environment for hackers to launch targeted phishing attacks. The risk is exacerbated by the fact that 80% of respondents admit to being more relaxed and distracted when working remotely on Fridays during the summer.

Technology companies are often seen as revolving doors of constantly shifting personnel. Whether they are seeking a better work environment or chasing a higher paycheck, these staff changes can hurt an organization’s progress. Worse yet, the customers are often negatively impacted by these changes in the continuity of established relationships.