The FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards. Staff at the corporate offices of US retail companies have been the target of highly-sophisticated email phishing and SMS phishing ("smishing") attacks. These attacks attempt to gain access to employee accounts, IT systems, and cloud services used by the company.

As a business owner or IT professional, you understand the importance of protecting your company’s sensitive data, systems and reputation from cyber threats. One of the most effective ways to uncover vulnerabilities and strengthen your organisation’s security posture is through penetration testing, particularly white box penetration testing.

Retail and hospitality businesses prioritize delivering exceptional customer service and growing revenue. Just as their mission relies on a service-oriented staff and quality products, it also requires secure and reliable connectivity. A high performing and secure network enables retailers to offer consistent and positive consumer interactions across online and physical stores around the world.

A cloud-based application security assessment (or ASA) is a systematic evaluation to identify vulnerabilities and improve security in cloud applications. It aims to ensure the application’s structural, design, and operational integrity against all cyber threats. A staggering 82% of data breaches in 2023 involved data stored in the cloud.

Bad bots, hackers, and other malicious agents can be tracked by a huge volume of metrics – session activity, HTTP headers, response times, request volume & cadence, and more. This complexity has created a market for siloed, complex, and extremely expensive tools. In contrast, Coralogix can consume simplistic data, like CDN logs, and derive complex, dynamically changing scores. When coupled with built-in cost optimization and the wider platform features, this makes a very compelling case.

With the advent of digital technology that makes its way into every sphere of our lives, software’s reliability and integrity are particularly important. Hackers never stop trying to gain unauthorized access and exploit application weaknesses to achieve their goals and gain from outact. This can mean peril respectively for individuals and organizations.

Privilege escalation in AWS refers to the unauthorized elevation of user privileges within the AWS environment, allowing users to access resources and perform actions beyond their intended level of permissions. This security risk would arise in case the attackers utilize the vulnerabilities or misconfigurations in AWS services, IAM policies, or access controls to take up privileges above the current level.

The highly competitive digital setting that we have today requires modern software applications to serve as the foundation of business operations, communication, and service innovation. However, this agility has some risks since outsourcing part of application development to external tools and libraries implies that the organization can unintentionally introduce vulnerabilities that cybercriminals can use against them.

If you need to reach PCI DSS 4.0 compliance, GitGuardian has solutions that can help.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Ah, so you’ve seen those random shops that pop up on unrelated domains?