SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture.

Software supply chain attacks have become a major concern for organizations in recent years, as cybercriminals increasingly target third-party software components and libraries used to build applications. These attacks can have devastating consequences, including data breaches, theft of intellectual property, and disruption of business operations. In this article, we will explore the growing threat of software supply chain attacks and discuss strategies for mitigating the risks.

Today’s companies operate in a complex security environment. On the one hand, the threat landscape is growing. Bad actors are becoming more and more refined as they get access to new tools (like AI) and offerings (like hacking-as-a-service). On the other hand, companies are dealing with more sensitive data than ever before. This has prompted consumers and regulators alike to demand for better security practices.

As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.

Software today relies heavily on open source, third-party components, but these reusable dependencies sometimes inadvertently introduce security vulnerabilities into the code of developers who use them. Some of the most serious vulnerabilities discovered in recent years—like the OpenSSL punycode vulnerability, Log4Shell (Log4j), and Dirty Pipe (Linux)—reside in popular open source packages, making them so widespread that they could compromise almost the entire software ecosystem.

CEO and Co-Founder of Entitle, Ron Nissim recently had the opportunity to be a guest speaker on the renowned podcast, "Identity at the Center." Hosted by industry experts Jim McDonald and Jeff Steadman, this informative podcast focuses on identity security within the context of identity and access management (IAM). With their extensive experience in the field, Jim and Jeff bring listeners insightful conversations, industry news, and interviews with key figures from the identity management industry.

Imagine a world where you trust no one, not even those closest to you. Sounds harsh, right? But when it comes to cybersecurity, this exact mindset is the driving force behind the Zero Trust Security model. This revolutionary approach to security is challenging traditional perimeter-based methods, focusing on securing users, devices, and data – no matter where they are. Ready to uncover the secrets of Zero Trust Security? Let’s dive in!

With the proliferation of data breaches and cyber-attacks, developers must take a proactive approach to security. BoxyHQ's Security Building Blocks for Developers are designed to help developers build and deploy secure applications with minimal effort and expertise. In addition to their core products security teams are finding it hard to keep pace with new no-code and low-code apps that are being created in the company.