Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Zloader returns from hiatus, VexTrio brokers malware for over 60 affiliates, and Kasseika ransomware launches BYOVD attacks.

This month's release roll-up for product updates and enhancements includes AI-driven Document Summaries and Q&A - ‘Ask’ Tab, Advanced Watermarking, and Share File and Folder Links. Below is a summary of these and other new releases. Visit the articles linked below for more details.

Security teams are busier than ever, so it’s no surprise that practitioners are using podcasts to keep up to date with cybersecurity news, ideas, and tools. The data backs this one up - according to the 2023 Voice of the SOC report, 83% of security professionals listen to at least one security podcast. So which podcasts are practitioners listening to? Our report, which surveyed 900 security professionals in the US and Europe, identifies 9 frontrunners.

Since the start of 2024, Egress’ threat intelligence team has seen a 109% increase in Salesforce phishing attacks using what appears to be a legitimate email domain linked to Salesforce that impersonates Meta. Leveraging obfuscation techniques to mask a malicious URL, attackers are attempting to drive users to a very convincing spoof of a Meta ‘Partner Portal’ to harvest their credentials.

Managed security services are growing across all regions. Companies are placing greater emphasis on cybersecurity and traditional MSPs have added these services to their offerings to meet this need.

It’s said that life truly begins when you step out of your comfort zone. Living in California provides me with many options for hiking and trekking, a perfect backdrop for spending time with nature and enjoying it with friends and family. As a hiking and nature enthusiast, I have done many moderately challenging trails in and around the Bay Area – my comfort zone.

Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability.

Businesses today are generating vast amounts of data every hour, and harnessing this information strategically is crucial for making informed decisions. Data warehousing plays a pivotal role in this process, providing a centralized repository for organizing, storing, and analyzing data. With a plethora of tools available, it can be difficult to determine which solution is best for you.

Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access into a network, they can utilize the commands and scripts components of PowerShell to conduct reconnaissance or inject fileless malware into the network. This activity is so common it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).

Sysdig’s seventh annual Cloud-Native Security and Usage Report identifies how customers are developing, using, and securing cloud-native applications and environments. We analyze data from millions of containers and thousands of accounts and publish the most pertinent information for you. Security practitioners and leaders look forward to this report to identify trends and make adjustments to their cloud security strategy.