Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Wall Street Journal today revealed that North Korea's hacker army managed to steal a huge amount of cryptocurrency amounting to $3 billion to finance their nuclear program. US officials have confirmed this news. These hackers have a highly sophisticated method of operating. A specific example of their actions involved using a fake job offer to trick a startup into losing over $600 million. By posing as potential employers, they social engineered someone who was hopeful for a better job.

Hybrid cloud takes the capabilities of the public and various private cloud options and merges them, allowing businesses to host different workloads within different environments depending on their performance, security, and resource needs. Companies leveraging a hybrid cloud strategy promote business competitiveness and agility, allowing them to respond to changes in resource demands quickly.

Iran's uranium enrichment facilities were some of the most high-security buildings in the world. Not just with physical checkpoints and guards, but with air-gapped digital defenses. All of that security became moot in 2010 when Stuxnet devastated the facility.

A Denial of Service (DoS) attack will prevent your legitimate users from accessing your API. The attack could be physical, such as unplugging network cables, but a Distributed DoS is more prominent. It involves generating a volume of user requests from various machines to overwhelm your servers. DDoS attacks can result in a loss of $50,000 of revenue due to downtime and mitigation.

Verizon's 2023 DBIR shows trends for incidents and breaches from the last year. Read our recap to see how credential leakage is helping malicious actors gain entry.

The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is undergoing a major update. The NIST CSF is one of the most widely used frameworks to help organizations understand and manage their cybersecurity risks. The NIST CSF was released as version 1.0 in 2014, updated to version 1.1 in 2018, and will be updated to version 2.0 early next year. NIST recently released a draft of CSF version 2.0.

“Technology trust is a good thing, but control is a better one.”

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version. Barracuda ESG is an email security gateway that manages and filters inbound and outbound email traffic within an organization’s network. On May 18, 2023, Barracuda identified CVE-2023-2868 after being alerted to anomalous traffic originating from ESG appliances.

In the rapidly evolving digital landscape, ensuring robust application security is paramount for organizations. With the emergence of AI-powered attacks and other sophisticated threats, it is crucial to integrate comprehensive Application Security Testing (AST) into the Software Development Lifecycle (SDLC).

In today’s digital landscape, the importance of application security cannot be overstated, as businesses worldwide face evolving cyber threats. Both defenders and attackers are now harnessing the power of Artificial Intelligence (AI) to their advantage. As AI-driven attacks become increasingly sophisticated, it is crucial for organizations to adopt a comprehensive approach to application security that effectively addresses this emerging threat landscape.