-
5 best practices to ensure the security of third-party APIs
When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem is that many companies don’t realize that using third-party APIs can expose their…
-
LockBit Makes $91m from US Victims in Two Years
Allied security agencies reveal figure in new advisory
-
Security culture improving in businesses despite factors holding teams back
The vast majority of CISOs have observed positive security culture gains in their organizations in the last year despite a perceived dip in the quality of overall security posture, according to the 10th annual Information Security Maturity Report published by ClubCISO and Telstra Purple. The research surveyed 182 members of ClubCISO, a global…
-
Smashing Security podcast #326: Right Royal security threats and MOVEit mayhem
There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s…
-
Attackers set up rogue GitHub repos with malware posing as zero-day exploits
In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. “The…
-
Malicious Actors Exploit GitHub to Distribute Fake Exploits
The perpetrators went to great lengths to make their profiles appear genuine
-
The Future of Technology: AI, Deepfake, & Connected Devices
The dystopian 2020s, ’30s, and ’40s depicted in novels and movies written and produced decades ago blessedly seem very far off from the timeline of reality. Yes, we have refrigerators that suggest grocery lists, and we have devices in our pockets that control seemingly every function of our homes. But there aren’t giant…
-
PII Exposed: Unauthenticated IDOR in WooCommerce Stripe Plugin
The vulnerability affects versions 7.4.0 and below of the WordPress plugin
-
Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign
Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. “In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which…
-
Talking cybersecurity on “Learning Curve”
Earlier this year I was invited by Vodafone to appear on an episode of “Learning Curve”, a series for founders, business leaders and – indeed – those who wish to be a business leader. You won’t be surprised to hear that the topic I was being asked about was cybersecurity.