In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls In the last phishing blog we discussed how modern phishing works on the frontend. Here we go behind the scenes to dissect how to configure and authenticate a good domain for your phishing campaign using Apache as Reverse Proxy. Excited? You caught the hook, read on!

The world of software development has been rocked by JavaScript. With nearly every modern web app making extensive use of JavaScript on the front end. And with JavaScript’s popularity also on the backend with Node.js, it’s hardly surprising that new vulnerabilities are emerging daily, given the sheer volume of open source project dependencies being used by JavaScript developers. The culprit? It all comes down to the free-ware NPM packages installed within Node.js.

Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. French security researcher Maxime Ingrao described last week on Twitter how he had discovered the new malware, named “Autolycos”, and how it signs up users to premium services.

Snyk recently partnered with the Linux Foundation to produce a report focusing on the state of security in the open source software (OSS) space. The report was based on 550+ survey responses and 15 interviews with OSS maintenance and cybersecurity experts. Following the report’s publication, experts from Snyk held a webinar with the Linux Foundation to discuss some of the key insights.

The Metaverse is defined as a network of connected virtual worlds that use virtual reality (VR) and/or augmented reality (AR) technologies to offer a more immersive experience for users.

“Hey, did you read about (blank)?” Keeping up with the barrage of news is just one of our many daily distractions from work. Toss in our personal obligations and other stressors – all fighting for space in our minds – and making a dent in the to-do list is often harder than we expect.

“PII” stands for personally identifiable information. Hackers often target personally identifiable information for a variety of reasons: to steal a customer’s identity, take over an account, launch a phishing attack, or damage an organization. As a result, there is a multitude of regulations concerning PII protection. Before your company approaches meeting these regulations, it’s important to have a firm understanding of the data you will be protecting.

Protecting and managing Google Cloud environments just got easier. Rubrik Cloud Native Protection is now available on Google Cloud Marketplace. Since 2019, Rubrik has been a trusted Google Cloud partner helping organizations enable data protection, automation, granular search, and world-class Zero Trust data security in the cloud. Rubrik helps organizations become cyber resilient through data immutability, logical air gapping, end-to-end encryption, and granular role-based access control.

Software-as-a-service (SaaS) is becoming the dominant way enterprises access digital tools. While this delivery method has many advantages, from scalability to consistent security updates, it can create significant vulnerabilities if developers and users aren’t careful. Organizations today use more than 100 SaaS apps on average, and that figure keeps climbing.