Help Net Security

Threat actors increasingly use third parties to run their scams
Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before. In …

Properly securing APIs is becoming increasingly urgent
Imperva released a new study that uncovers the rising global costs of vulnerable or insecure APIs. The analysis of nearly 117,000 unique cybersecurity incidents estimates that …

Python packages with malicious code expose secret AWS credentials
Sonatype researchers have discovered Python packages containing malicious code that peeks into and exposes secret AWS credentials, network interface information, and …

How phishing attacks are becoming more sophisticated
APWG’s latest Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed …

Clearview fine: The unacceptable face of modern surveillance
The UK’s Information Commissioner’s Office (ICO) has issued its third largest ever fine of £7.5m. It was imposed on Clearview AI, the controversial facial recognition company …

Cybercriminals use Azure Front Door in phishing attacks
Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in …

48% of security practitioners seeing 3x increase in alerts per day
Panther Labs surveyed 400 active security practitioners, primarily security analysts and security engineers, to reflect the “boots on the ground” perspective for security …

Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: QNAP NAS devices hit by DeadBolt and ech0raix ransomware Taiwan-based QNAP …

What stolen info can be bought off the dark web, and for how much?
Privacy Affairs researchers concluded criminals using the dark web can get a complete set of a person’s account details, enabling them to create fake IDs and forge private …

iPaaS: The latest enterprise cybersecurity risk?
iPaaS apps are vulnerable because they transport highly sensitive data from core systems, include many different third-party apps in the process, and often lack security tools …

How companies are prioritizing infosec and compliance
New research conducted by Enterprise Management Associates (EMA) examines the impact of the compliance budget on security strategy and priorities. It describes areas for …

Risky behavior reduced when executives put focus on identity security
Managing identities accessing enterprise resources has become significantly more complicated over the last several years. Between the increasing number of identities, the …