Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Just like shopping on Black Friday, AWS re:Invent has become a post-Thanksgiving tradition for some of us at Datadog. We were excited to join tens of thousands of fellow AWS users and partners for this annual gathering that features new product announcements, technical sessions, networking, and fun. This year, we saw three themes emerge from the conference announcements and sessions.

Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North-Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.

Sometimes in the comms team here at Netskope I hear fantastic tales that are not yet approved for public consumption. The frustration is very real when I hear of a creative customer implementation that cannot yet be told to the wider world. But today I have contrived a clever way to be able to share one of these stories with a veil of anonymity, ahead of a bigger effort to craft a case study for full public consumption.

Using unique passwords is one of the best practices for securing online accounts, but trying to memorize dozens of passwords across all your applications is nearly impossible. A password manager helps to protect access to online accounts by securely storing credentials. In this article, we discuss the features and benefits of a reliable password manager and how they work.

Digital payment systems are quickly becoming the norm. The speed and convenience of apps like PayPal and Apple Pay have led businesses and consumers to move away from cash, but this efficiency comes at a cost. These digital platforms are also attractive to cybercriminals. Mitigating any vulnerability starts with understanding how threat actors target it. With that in mind, here’s how cybercriminals take advantage of digital payment systems, and what you can do to stay safe.

In the world of security, authentication, and authorization methodologies are foundational aspects of defense. Authentication techniques protect against unlawful entry to systems through the verification of a user, and authorization either grants or denies the verified user’s access level.

Passwords are the most widespread form of authentication on different platforms and systems. Still, companies and users often do not prioritize creating strong passwords and continue to opt for simple and very weak passwords in the eyes of cybercrime professionals.