Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, as a part of our v27 software release, we are launching enhanced IDS rules management functionality, extending analyst visibility around hosts, devices, users, and more, and upgrading the Corelight Software Sensor to give customers more NDR deployment flexibility.

Credential stuffing is on the rise. The number of annual credential spill incidents nearly doubled between 2016 and 2020, according to the F5 Labs 2021 Credential Stuffing Report. Organizations need to be wary of sophisticated attackers or risk becoming a victim of a credential stuffing attack. As one of the most common account takeover techniques, your team must be equipped with the knowledge necessary to prevent this from happening.

State and local governments can have a tough time employing cybersecurity solutions for reasons that range from the bandwidth it takes to find and vet the right products to the reality of budget constraints.

Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service.

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) messages. This seems to be part of a wider trend as phishing scams via text messages surge. The Federal Communications Commission (FCC) observed an increase in unsolicited text messages, with 2022 practically tripling the number of phishing texts reported to the FCC in 2019. Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile.

Security technology is all but ubiquitous. No matter the industry or size, almost every organization employs security technology to keep their systems, assets, and data safe. But, if your industry is retail or healthcare — or you’re a small shop that sells bagels on the town square — your organization may not have the best grip on what your security stack should contain, or if your current one is meeting your security and business needs.

2022 revealed that security challenges remain for organizations leveraging GitHub. Between supply chain attacks, API key leaks, and other security risks, there are plenty of lessons and takeaways from this year’s GitHub-related headlines. In this post, we’ve rounded up and categorized the year’s largest GitHub stories. Read on to learn more about the types of security risks occurring in GitHub and the lessons you’ll want to take with you into 2023 and beyond.

From on-demand healthcare services like telehealth to wearable technologies, predictive healthcare to blockchain technologies for electronic health records, or 5G for healthcare services to AI and augmented reality for state-of-the-art medical treatments, the healthcare industry is at an inflection point. These digital transformations also bring along elevated cybersecurity risks.

Chrome is the world’s most popular web browser—and ChromeOS is becoming more prevalent due to the use of Chromebooks in education and other sectors. In this blog post, we’re going to talk about what this means for security teams, and how LimaCharlie can be used to secure Chrome and ChromeOS.

File uploading is a commonly needed functionality in web applications. Because of this, many web frameworks provide ways to allow server-side applications to accept files and work with them. This is the same with Fastify, which is a Node.js web framework that is often regarded as a successor to Express. It’s fast and highly focused on providing the best developer experience with a powerful plugin architecture and the least overhead possible.