Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs were already ubiquitous in driving modern applications. However, the pandemic has further accelerated growth in innovation and expansion of digital services, making APIs even more widespread. In today’s world, rapid innovation would not be possible without secure APIs. Attacks on APIs are increasing exponentially. Gartner suggests API abuses are the most significant attack vector since 2022. Hence securing APIs is more critical than ever in the past.

CircleCI is a platform that enables continuous integration and delivery of software projects. It allows teams to automate their software development process by building, testing, and deploying their code changes in a consistent and reliable manner. In this blog post, we will explore the Tactics/Techniques/Procedures (TTP) of how environment variables that house sensitive credentials and secrets can be exfiltrated using Circle CI.

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.

Discover the importance of including public GitHub monitoring in your external attack surface management strategy to mitigate the risk of sensitive information exposure. Learn the steps to protect your organization from potential breaches in this blog post.

Keeper Security has been named “Test Winner” in a group test of leading password managers conducted by CHIP Magazine, a leading consumer technology publication in Germany. In the current edition CHIP 06/2023, the CHIP test center reviewed Keeper’s Personal Password Manager in a comparative test of 10 password management solutions. Keeper was awarded first place with an overall rating of “Sehr Gut” (Very Good) and a score of 1.1 (1.0 is a perfect score).

There are many cybersecurity threats privileged accounts face including phishing, insider threats, malware and brute force attacks. When privileged accounts aren’t managed or secured properly, all of an organization’s sensitive data is vulnerable to being successfully targeted by threat actors. Continue reading to learn how and why cybercriminals target privileged accounts and how organizations can keep their most critical accounts safe.

CrowdStrike incident responders have been at the forefront of investigating impacted victims of CVE-2023-34362. Since the release of the vulnerability, there has been great collaboration across the cybersecurity industry, and this blog will cover novel details for teams investigating the potential impact to their organizations.