Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Akamai describe a credential phishing campaign that’s been running since at least March 2022. Due to the volume of traffic to the phishing sites, the researchers estimate that the attackers are raking in up to $150,000 per year by selling the stolen credentials. “This ongoing research led to the discovery of multiple templated sites used as front-ends for the scam infrastructure that have been tied to more than 40,000 malicious routing domains,” the researchers write.

The question “What is cybercrime?” is more critical today than ever. Advancements in tech, oversharing on social media, and even the latest AI innovations have significantly increased the risk of cyberattacks. Just look at the statistics. Ransomware attacks grew by 92.7% in 2021 compared to 2020. As internet connectivity and usage grow globally, cybercriminals are becoming more brazen in targeting unsuspecting victims.

By enabling code signing, you can guarantee that only trusted code is executed within your functions. Lambda meticulously examines each code package during deployment and verifies that a reliable source has signed it. Please note that code signing is not supported for functions defined as container images. This means that code signing cannot be utilized if you use container images for your Lambda functions.

Data Security Posture Management (DSPM) plays a critical role in identifying security risks, prioritizing misconfigurations, and implementing a zero-trust framework. It is an emerging technology, and there are only a few capable solutions that provide good product offerings. Check out the list of some of the best DSPM platforms that can be considered to streamline data protection, governance, and compliance efforts.

The May 12, 2017, WannaCry ransomware attack was one of the most devastating and globally widespread computer infections. The next WannaCry is prepared and about to occur in 2023, claims Kaspersky. The potential reason is that the biggest and most devastating cyber epidemics happen every six to seven years. Here are some helpful tips to stay protected against WannaCry ransomware.

The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive data, and authorizing fraudulent fund transfers. One area where many exploits take place is on social media platforms.

The General Data Protection Regulation (GDPR) is a set of privacy and security standards put into effect by the European Union (EU). Widely accepted as the world's strictest security and privacy law, GDPR imposes regulations on organizations that target or collect data relating to people in the EU. European Parliament signed GDPR into law in 2016, requiring all organizations to comply by May 2018.

Endpoint Detection and Response (EDR) alerts are what happens when an EDR system decides that event data from an agent installed on an endpoint, or several endpoints, shows a potential threat. This doesn’t mean that every EDR alert is a malicious event in progress. Many are “false positives” or malicious behaviour that is actually not a threat.

If you had to choose a security measure that would make the most difference to your cyber program right now, what would it be? Maybe you’d like to get another person on your team? Someone who is a skilled analyst, happy to do routine work and incredibly reliable. Or perhaps you’d prefer an investment that would give your existing team members back more of their time without compromising your ability to find and fix threats? What about human intelligence without human limitations?

DevSecOps is an impeccable methodology that combines development, operations (DevOps), and security practices in the Software Development Lifecycle (SDLC). In this methodology, security comes into play from the beginning and is a shared responsibility instead of an afterthought. However, with the ever-evolving digital landscape, and continuous use of third-party and open-source components, DevSecOps teams need to fortify this methodology to minimize the risk and make their software more resilient.