Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Companies spend a huge amount of their budget trying to build, manage, and protect cloud environments. Since there is no industry standard for sharing data feeds between development and security, each team is on an island trying to figure out how to keep their side of the room clean. The most robust security incident response teams understand the incredible value of using observability telemetry for security workflows, but are unsure how to make it happen in practice.

Data privacy under GDPR is crucial in today's digital age. With increasing data breaches, understanding and protecting personal information is vital. The General Data Protection Regulation (GDPR) plays a significant role in safeguarding personal data and Personally Identifiable Information (PII). GDPR, implemented in 2018, sets strict guidelines on data protection for individuals within the EU.

On July 17, 2024, SolarWinds published a security advisory detailing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities were responsibly disclosed to SolarWinds by researchers working with Trend Micro’s Zero Day Initiative (ZDI). The vulnerabilities have CVSS scores ranging between 7.6 to 9.6. The disclosed vulnerabilities allow for remote code execution (RCE), directory traversal, information disclosure, and authentication bypass.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

This month's product updates and enhancements rollup includes Egnyte Copilot, Copilot for Mobile, and eSignature Templates. Please visit the articles linked below for more details.

Stay tuned for more Chrome extension updates coming later in August. We’ll be sure to keep you updated here.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

Ransomware risk is top of mind for citizens and CISOs alike. From the board room to the room known as the ‘SOC’, everyone is feeling the pain of disruption. Being locked out of a system and forced back to pen and paper is shocking to our working lives. Too often, it is delaying a much-needed surgery or forcing manual intervention where a digital avenue was easy and efficient. But the effects of ransomware don’t appear to be going anywhere soon.

There are new generation of attack threats that AI has made much more dangerous (e.g. phishing, deep-fake schemes, and other AI-based attacks). There are also new crypto-related threats to be aware of, including attacks based on smart contract vulnerabilities, threats against exchanges, logic flaws, and more.

Application Programming Interfaces (APIs) are the connecting tissue that enables the communication between applications, internal and external, and facilitate data exchange on a massive scale. In a world where information is the crown jewel of an organization, APIs are driving the delivery of digital services to customers and partners. While their usage is already exploding, the growing popularity of cloud-native technologies and microservices has only accelerated API adoption.