The exploitation of cloud services is a flexible weapon in the hands of attackers, so flexible that we uncover new campaigns abusing legitimate apps on a daily basis.

Recent reports reveal that up to 165 customers of Snowflake, a prominent cloud data warehousing platform, have fallen victim to a sophisticated data breach and extortion campaign. This ongoing operation, identified by cybersecurity firm Mandiant as UNC5537, underscores broader implications for cybersecurity practices in cloud environments. Understanding the UNC5537 Campaign.

Most likely, your organization leverages cloud computing because of its practical advantages: flexibility, rapid deployment, cost efficiency, scalability, and storage capacity. But do you put enough effort into ensuring the cybersecurity of your cloud infrastructure? You should, as data breaches and leaks, intellectual property theft, and compromise of trade secrets are still possible in the cloud.

Jerald Dawkins is the Chief Technology Officer (CTO) for CISO Global and has founded and exited several cybersecurity companies, including True Digital Security and TokenEx, LLC, both based in Oklahoma. (True Digital Security was acquired by CISO Global in January 2022.) He currently holds three (3) patents in the cybersecurity field.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees in an attempt to commit fraud. In an alert posted on the CISA website, the organisation warned that so-called impersonation scams are on the rise. An impersonation scam is any type of fraud where a criminal pretends to be a trusted individual or organisation to dupe a victim into handing over personal information or money or taking an unwise action.

In the rapidly evolving digital landscape, the maturity of an organization's Application Security (AppSec) program is not just beneficial; it's imperative for resilience at scale and reducing security debt accumulation. Since software is increasingly central to business operations, the need for robust AppSec programs has never been more critical. Here’s a guide to understanding the various stages of AppSec maturity and how to evolve through them for effective risk management.