Technology

FluBot: Malware as a Service Meets Mobile Phishing

Apr 27, 2021 By Hank Schless In Lookout

Recently, Europeans were hit by an influx of SMS texts claiming to be package delivery notifications. It turns out these messages were orchestrated by threat actors seeking to distribute malicious apps laced with the banking trojan FluBot, also known as Cabassous. Once the victims download the malware, the app can intercept SMS messages, steal contact information and display screen overlays to trick users into handing over their credentials.

Read Post

Lookout

Read more about FluBot: Malware as a Service Meets Mobile Phishing

How a Microsoft Engineer Implemented Veracode for a Large Azure Project

Apr 26, 2021 By Julian Totzek-Hallhuber In Veracode

With the need to produce innovative software faster than ever, and cyberattacks not slowing down, it’s no surprise that, for projects large and small, ensuring the security of your code at every step is key. But if software engineers want to meet these everyday demands with success, it’s important to understand how different security scanning types fit in throughout the development process, and how the needs of your team might impact scans.

Read Post

Veracode

Read more about How a Microsoft Engineer Implemented Veracode for a Large Azure Project

Netskope presentation that won the SASE Showdown

Apr 23, 2021 By Netskope In Netskope

View Video

Netskope

Read more about Netskope presentation that won the SASE Showdown

How to cyber security: 5G is not magic

Apr 23, 2021 By Jonathan Knudsen In Synopsys

5G is faster than its predecessor but that doesn’t change the approach to software security for your applications. Some wild claims have been made about 5G networking. I’ve heard mention of self-healing factories and smart highway systems. While such things might be possible, there’s nothing magical about 5G. In essence, it’s just faster wireless networking than we’ve had before. That’s nice, but hardly revolutionary.

Read Post

Synopsys

Read more about How to cyber security: 5G is not magic

A Real-World Look at AWS Best Practices: Root Accounts

Apr 22, 2021 By Jenko Hwong In Netskope

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.

Read Post

Netskope

Read more about A Real-World Look at AWS Best Practices: Root Accounts

A hacker's approach to finding security bugs in open source software

Apr 22, 2021 By Jocelyn Chan In Detectify

Spencer Pearlman, Security Researcher at Detectify, presented A Hacker’s Approach to Finding Security Bugs in Open Source Software in a partnered webinar with friends at Debricked. Securing modern web applications takes new approaches, and this includes looking at it from a hacker’s perspective. Here are highlights from the presentation on how tech teams can apply the same hacker mindset to discover vulnerabilities in open-source software in their tech stack.

Read Post

Detectify

Read more about A hacker's approach to finding security bugs in open source software

The Ultimate Guide To OWASP Security Checks for Web and Mobile Apps

Apr 22, 2021 By Appknox

When you are looking for genuine, inexpensive unbiased information to make your application secure, there is no better source to go to than OWASP. OWASP gives you guidelines to the industry's top threats and security best practices that help ensure your applications are secured. Take a look at this FREE OWASP Guide that covers vulnerabilities from both web and mobile to give you a comprehensive overview of your application's security status.

Get EBook

Appknox

Read more about The Ultimate Guide To OWASP Security Checks for Web and Mobile Apps

10 Reasons Why Apple Rejects Apps From The App Store

Apr 22, 2021 By Appknox

Apple is known to employ slightly more stringent norms as compared to its other counterparts as far as Approving apps is concerned.

Get EBook

Appknox

Read more about 10 Reasons Why Apple Rejects Apps From The App Store

Detect unauthorized third parties in your AWS account

Apr 21, 2021 By Justin Massey In Datadog

Detecting when an unauthorized third party is accessing your AWS account is critical to ensuring your account remains secure. For example, an attacker may have gained access to your environment and created a backdoor to maintain persistence within your environment. Another common (and more frequent) type of unauthorized access can happen when a developer sets up a third-party tool and grants it access to your account to monitor your infrastructure for operations or optimize your bill.

Read Post

Datadog

Read more about Detect unauthorized third parties in your AWS account

Cloud SIEM accelerates modernizing security operations across Asia Pacific

Apr 21, 2021 By Paul Wilcox In Sumo Logic

Security operations is now a critical business function tasked with securing digital transformation initiatives, to effectively mitigate evolving attacks and expanding attack surfaces, handle complexity and tool proliferation while teams are continuing to be virtual and distributed.

Read Post