Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

Mastering success: 5 key stages of professional services delivery

In this blog post, Kelsey Sevening, Sr. Manager, Project Management at Tines, shares what customers can expect when engaging with our professional services team to help them reach their goals faster. When it comes to investing in professional services, the quality of the experience can vary widely. While some customers might have exceptional experiences and others less so, most find themselves somewhere in the middle.

Poseidon Infostealer, DoNex Ransomware, ElDorado Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: July 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

Don't RegreSSH: An Anti-Pavlovian Approach to Celebrity Vulns

Before CrowdStrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.

EP 58 - Trust and Resilience in the Wake of CrowdStrike's Black Swan

In this episode of Trust Issues, we dig into the recent global IT outage caused by a CrowdStrike software update, which impacted millions of Microsoft Windows endpoints and disrupted many sectors. This “black swan” event highlights, among other things, the importance of preparedness, adaptability and robust crisis management.

The Growing Threat of API Attacks and the Need for Advanced Protection

APIs are increasingly becoming the target of choice for attackers. According to the key findings stated in the 2024 Gartner Market Guide for API Protection, "APIs — especially shadow and dormant ones — are causing data breaches among organizations that, on average, exceed the magnitude of other breaches.

The Power of Security Orchestration and Automation

In today’s digital landscape, cyber threats are constantly evolving and becoming more sophisticated. Attackers are finding new ways to breach security defenses and exploit vulnerabilities. As technology advances, so do the tactics and techniques used by cybercriminals. Gone are the days when simple antivirus software and firewalls were enough to protect against cyber threats.

Organizations Prepare for More Evolved AI-Based Cyber Attacks as Deepfakes Become Top Concern

New data on how the threat of AI in cyber crime is being seen as a growing risk provides insight into how organizations are shifting from reaction to prevention. According to endpoint security vendor Deep Instinct’s Voice of SecOps report, 97% of organizations are concerned they will suffer a security incident as a result of adversarial AI. The advent of new malicious LLM-based AI platforms is allowing cybercriminals to get their hands on sophisticated tech and create convincing deepfakes.

Dark Angels Ransomware Group Scores Record-Breaking $75 Million Payday

In the ever-evolving world of cybercrime, ransomware attacks continue to be a lucrative business for cybercriminals. The latest development comes from the Dark Angels ransomware group, who have reportedly secured a staggering $75 million ransom payment from an undisclosed victim. This eye-watering sum shatters the previous record of $40 million paid by insurance giant CNA Financial in 2021, setting a new and alarming benchmark in the ransomware landscape.

Preventing SQL injection in C# with Entity Framework

SQL injection (SQLi) is one of the most severe security vulnerabilities in web applications. It occurs when an attacker is able to manipulate the SQL queries executed by an application by injecting malicious SQL code into user input fields. SQLi can lead to unauthorized access to sensitive data, data corruption, or even complete control over the database server.

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics. Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers steal sensitive information before encrypting it.

8 Daily Practices to Avoid Cybersecurity Burnout

Burnout happens when job demands such as workload, time pressure, and difficult clients are high, as well as when job resources, including quality leadership, autonomy and decision authority, recognition, and strong relationships, are lacking. The field of cybersecurity is particularly difficult, but that doesn't mean burnout is inevitable, and it doesn't mean you can't recover after experiencing burnout.