Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For the next interview in our series speaking to technical leads from around the world, we’ve welcomed experienced cybersecurity specialist and author Greg Scott.

APIs have become a vital part of doing business. Organizations increasingly rely on the use of APIs for day-to-day workflows, particularly as cloud applications become something of a mainstay. A recent report found that the average number of APIs per company increased by 221% in 2021. Not only are APIs impossible to ignore, but the need to invest in API security cannot be overlooked. The trend in usage is closely followed by opportunists seeking ways to exploit vulnerabilities for their gain.

Read also: Microsoft fixes a Windows zero-day, the US sanctions Iranian hackers linked to ransomware attacks, and more.

For many workers, accessing the tools required to do their jobs is a hassle. This ‘login fatigue’ could be putting your business at risk as employees find less secure workarounds to complete tasks, or, in some cases, give up on a task altogether.

Global survey shows cybersecurity was the top business priority for organizations that use tools that enable the search of data across multiple sources It’s time to re-evaluate how we define the term “search.” Today, search has far broader applications than those of a standard search engine query. That’s especially true when it comes to cybersecurity.

At the beginning of the Russia-Ukraine conflict, KillNet - a Russian cybergang - began actively collecting open-source intelligence (OSINT), which drew interest from various threat actor groups. Heightened interest in the OSINT data led to additional actors joining , growing its membership to include not only Russian cyber criminals, but uniting other cyber gangs sympathetic to Russia.

Cybersecurity and Infrastructure Security Agency’s (CISA) has released their 2023-2025 Strategic Plan, its first comprehensive strategic plan since the agency was created four years ago. “This is an important step in planning and preparing to combat the evolving cyber threats,” said Bill Rucker, president of Trustwave Government Solutions (TGS). “I appreciate the emphasis on working with the private sector in the plan.

Millions of dollars have been stolen from healthcare companies after fraudsters gained access to customer accounts and redirected payments. In a newly-published advisory directed at the healthcare payment industry, the FBI warns that cybercriminals are using a cocktail of publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites.

After a two-year hiatus, the Gartner Security and Risk Management, London is back! I had the privilege of attending a number of sessions, spending time talking with analysts and digesting some of the latest cybersecurity trends and strategies, including the Top Cybersecurity Predictions for 2022-2023 from Gartner. Two themes that stood out to me were security service edge (SSE) and extended detection and response (XDR) Below are some of my key takeaways from this year’s conference.

On August 9, 2022, we released a blog post about a phishing campaign where attackers were abusing Google Sites and Microsoft Azure Web Apps to steal cryptocurrency wallets and accounts from different targets, namely Coinbase, MetaMask, Kraken, and Gemini. The attackers were abusing SEO techniques to spread the pages and using advanced techniques to steal data, such as using live chats to interact with victims.