Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Multiple reports in the media, including in Bloomberg US Edition, allege that Russian-associated cybercrime group Killnet is responsible for a series of distributed-denial-of-service (DDoS) attacks during the week of October 6 that took several state government and other websites offline. While most of the websites were restored within 48 hours, these volumetric attacks can leave even the most secure sites paralyzed and susceptible to further damage.

The impact of ransomware attacks on healthcare is as alarming as it is under-addressed. The United States healthcare system alone faces an annual burden of nearly $21 billion due to these attacks. It pays well over $100 million in ransoms, and is beginning to acknowledge the tragic realities of impacted patient care, including higher patient mortality rates. For every headline related to cyberattacks, there are likely hundreds more that go unreported.

If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple to implement, scale, and verify. Product and AppSec teams know that great security policies empower teams to work autonomously so that work moves forward as it should. However, validating that your security policies are actually implemented is difficult.

Not everything on your attack surface is a vulnerability. Every organization has their own internal security policies that align with the risk tolerance of their business context. While industries like SaaS are often deploying several daily releases to production from multiple geographies, other industries might not tolerate this level of risk due to internal or external factors like complex regulatory requirements.

Read also: Microsoft fixes a Windows zero-day, Mango Markets DeFi platform robbed of over $100M, and more.

MSPs are being targeted by cybercriminals, as a single successful attack opens the door to multiple victims. This puts additional pressure on cybersecurity partners to step up the security services they offer their customers. The figures are worrying, as 9 out of 10 managed service providers state they have suffered a successful cyberattack since the start of the pandemic. This means MSPs are overtaking end users as the main target of malware, ransomware, phishing and other threats.

In a new article for HelpNet Security, Leon Juranic, security research team lead at Mend, states the case for taking proactive defensive steps against a new attack called Evil-Colon. Evil-Colon works similarly to the now defunct Poison-NULL-Byte attacks, and it has the potential to cause severe disruption to your code if not properly addressed. What does all this mean? In a nutshell, it’s possible to exploit applications that are performing path-based operations with user input in various ways.