Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Sedara Named to MSSP Alert's 2024 List of Top 250 MSSPs

Sedara Named to MSSP Alert’s 2024 List of Top 250 MSSPs Eighth annual list reveals leading MSSP, MDR and MSP security companies The Top 250 MSSPs for 2024 honorees were announced on October 15 at MSSP Alert Live. The 2024 MSSP Top 250 list reveal marks the first time the list has been unveiled at MSSP Alert’s annual live event. Honorees will also be celebrated at an evening party that coincides with MSSP Alert Live. Sedara was ranked among the Top 250 MSSPs for 2024.

New IDC InfoBrief + downloadable CISO checklists

Tl;dr: This blog discusses IDC’s 2024 study, “The Future of Access Management: Identity Security Requirements for a Modern Application Access Approach.” The study identifies the biggest challenges facing security leaders today, especially those exacerbated by hybrid work. Below are IDC’s findings as well as downloadable checklists that security practitioners can use to address the security gaps in their organizations.

LLM Prompt Injection 101

Prompt injection attacks exploit vulnerabilities in natural language processing (NLP) models by manipulating the input to influence the model’s behavior. Common prompt injection attack patterns include: 1. Direct Command Injection: Crafting inputs that directly give the model a command, attempting to hijack the intended instruction. 2. Instruction Reversal: Adding instructions that tell the model to ignore or reverse previous commands. 3.

Vulnerability-Free C and C++ Development in Automotive Manufacturing and Software Defined Vehicles (SDV)

The automotive industry is at a unique inflection point in its history with the advent of the Software Defined Vehicle (SDV). During the Society of Automotive Engineers (SAE) World Congress held in Detroit April 16th - 18th, 2024, it was explicitly stated there is more than a $500 billion market that will see investment in R&D and technological advancements for the automotive industry.

How to Protect Your IoT and OT Devices from Cyberthreats

The rise of the Internet of Things (IoT) and Operational Technology (OT) devices is reshaping industries, accelerating innovation and driving new efficiencies. However, as organizations increasingly depend on these devices, the security challenges associated with them are mounting. Traditional security measures often fall short in protecting these critical assets from cyberthreats, leaving organizations vulnerable to potentially severe disruptions.

Beyond the Code: Why API Security Matters More Than Ever in Tech

API security has become a critical focus for organizations in the technology sector as the reliance on APIs (Application Programming Interfaces) continues to grow rapidly. APIs are the foundation of modern applications, facilitating communication between software systems, integrating services, and driving innovation. However, as the use of APIs expands, so do the associated security risks.

Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages

From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft365 login credentials.

CIS Control 16 Application Software Security

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and compromise sensitive data.

Defending Against Ransom DDoS Attacks

DDoS attacks have become an annoyance most companies assume they may have to deal with at some point. While frustrating, minor website disruptions from small-scale hacktivist campaigns rarely create substantial business impacts. However, a particularly insidious DDoS spinoff has emerged over the past decade – one aimed at blackmail. This evolutionary milestone stems from what's called Ransom DDoS (RDDoS), likely one of the most outrageous cybercrime weapons targeting businesses globally since 2015.