Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy. While conventional warfare is conducted on the battlefield and limited by several factors, cyber warfare continues in cyber space, offering the chance to infiltrate and damage targets far behind the frontlines. Russia utilized cyberattacks during the initial phase of the invasion in February.

In this post, we’ll look at the security blindspots of lockfile injection that a Ruby gem might expose via its Gemfile.lock. As a prelude to that, we will open up with a brief introduction to Ruby and third-party dependencies management around RubyGems and Bundler. Web developers often work on Ruby projects, but are mostly referring to them as the popular open source web application framework Ruby on Rails.

It seems like every week another household brand announces that they’ve been the victim of a data breach. Recently, cloud communications company Twilio announced that its internal systems were breached after attackers obtained employee credentials using an SMS phishing attack. Around the same time, Cloudflare, a content delivery network and DDoS mitigation company, reported that its employees were also targeted but their systems were not compromised.

At the heart of almost every business interaction lies trust. Whether logging in to a website, providing information over the phone, or interacting via email, trust is essential when the communication involves money, sensitive data, or both. To win a victim’s trust, gain access to a secure system, receive sensitive data, or insert malicious software, cybercriminals use various tools and tactics to mask their identity or disguise their devices. These tactics are the foundation of a spoofing attack.

Managing a small business can often feel like having 100 tabs open at once. Between handling client relations, organising taxes, and keeping up with day-to-day operations, cybersecurity (particularly data security) tends to fall along the wayside. Not because business owners don’t care, but because there is simply too much to care about. For small businesses, priorities often lie with directing their resources toward creating sustainable revenue streams.

CrowdStrike today unveiled the next evolution of CrowdStrike’s industry-first IOAs: artificial intelligence (AI)-powered IOAs.

Creating and running an application in your favorite language is usually pretty simple. After you create your application, deploying it and showing it to the world is also quite straightforward. The last thing you need is someone to take over your system and fully control your brand new application. In this article, I’ll explain how this can happen with a reverse shell attack. Note that the code examples in this article are for educational purposes only.

Cyberattacks are constantly changing. That you know. But how are they changing? And which types of threats are the most prominent today? Those are the real questions you need to answer to stay ahead of modern security risks. Keep reading for a primer on the most prevalent types of cyber security threats in 2022, along with insights on how to build a defense strategy against them. (For a comprehensive view, check out our cybersecurity threats explainer.)