Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Read also: A fraudster extradited from Ukraine to the US, french police dismantle coco chat website linked to cybercrime, and more.

CDK Global, a company that provides software for thousands of auto dealers, was hit by back-to-back cyberattacks on June 19. These attacks led to an outage that continued to impact many of their sales operations on Friday, according to the Associated Press. CDK told multiple news outlets that it is "actively investigating a cyber incident," and the company shut down all of its systems out of an abundance of caution.

In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library – which offers a text-to-SQL interface for users – where we discovered CVE-2024-5565, a remote code execution vulnerability via prompt injection techniques.

As workforce productivity increasingly depends on web-based applications, browsers have become essential gateways to the “connectivity economy.” According to recent data, 93% of desktop internet traffic in 2023 traversed through four popular web browsers.

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry. “Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts,” the advisory states.

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR).

The threat of phishing attacks looms larger than ever. The LA County Department of Public Health recently announced that 50 employees fell victim to phishing attacks, compromising sensitive patient data. These deceptive schemes have become a staple in the cyberthreat landscape, targeting individuals and businesses of all sizes. For every employee, understanding the signs and consequences of a phishing attack is crucial to safeguarding their organization.

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.