Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Handing out advice on how to secure self hosted MS systems seems not to have been used internally. Ho hum…

As reported widely in the press, the Genesis Market is no more. On Tuesday 4th April 2023, the FBI seized control of the infamous marketplace that’d had hundreds of thousands of stolen digital identities for sale, replacing its login page with a takedown notice and call for further information from its users.

How hard can it be to support custom container image tags? Turns out… quite! I know this because my team has been busy at work on our new custom base image support for Snyk Container, andwe were tasked with the following problem: Given a tag, parse its parts to be able to compare it to other similar tags. It was a fun problem to solve, and we'd love to share how we got to our final solution!

Driving for companies like Uber is always risky, as you never know who you will pick up, where you will have to take them, and if your vehicle could break down. However, drivers should not have to worry about their identities while driving. Uber was just hit by a cyber attack back in December that hurt more than 77,000 employees, and it seems the company is suffering from another serious data loss that could impact some of its drivers, yet again.

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type. According to new data found in HP Wolf Security’s latest Security Threat Insights Report for Q4 of 2022, 13% of all email threats being sent make their way past layered email security defenses to reach the user’s inbox. This, up from the previously published finding of 11.7% of threats doing so by Acronis.

Over a decade ago, the sketch comedy show Portlandia tried to answer a simple question: why do hipsters put birds on everything? Teapots, tote bags, greeting cards, pillows — even toast. When in doubt, put a bird on it.

Does your company have secret intel that only a few employees can handle? Do you lose sleep over the thought of sneaky hackers getting their grubby little paws on your precious data? Don't take any chances with your business! Level up your security game with privileged access management and keep those cyber threats at bay. Privileged access refers to the rights of specific users, such as IT administrators or executives, to access files, critical systems, or sensitive data.

Attackers who were previously abusing DigitalOcean to host a tech support scam have expanded the operation, now abusing StackPath CDN to distribute the scam, and are likely to start abusing additional cloud services to deliver the scam in the near future. From February 1 to March 16, Netskope Threat Labs has seen a 10x increase of traffic to tech support scam pages delivered by StackPath CDN.

In the era of increasing focus on cyber-security, using only secure software plays an important role. Whether it’s an organization or an individual end-user, everyone is getting more literate about digital well-being. As a result, everyone read out the warnings displayed by systems to protect themselves from malware. Due to it, an Unknown Publisher Warning is also getting seriously considered. And many of the users don’t prefer the software that encounters such alerts.

Two new sets of regulations introduced by the European Union (EU) indicate that the public sector is taking increased interest in improving cybersecurity and resilience. The EU is introducing the Digital Operational Resilience Act (DORA) for financial institutions and the Cyber Resilience Act (CRA) for software and hardware providers, both designed to enforce software security and secure delivery of services.