Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting “individuals employed by research centers and think tanks, academic institutions, and news media organizations.”

If you’re working towards a stronger security posture to become an organization that’s worthy of customer trust, your vendors are going to play an increasingly important role. ‍ In this article, we’ll give you an overview of vendor management and walk through what a robust vendor management process looks like. ‍ ‍

Security is an increasingly critical aspect of application development. As the volume of applications rapidly expands, so does the volume of source code, components, and dependencies used to create them. With them comes a growth in the potential attack surface and an escalation in the variety of threats to your application security.

Enhancements to network security within organizations have made it harder for threat actors to penetrate networks and systems. As a result, people have become the primary target for cyberattacks, with email providing the most effective mechanism for launching these attacks. This leads to all employees within an organization being frequently targeted by phishing attacks.

We are thrilled to announce the launch of WatchGuard Advanced EPDR as part of our Unified Security Platform® architecture. Now available in WatchGuard’s distribution channels, WatchGuard Advanced EPDR is tightly integrated within WatchGuard Cloud and ThreatSync, delivering valuable visibility and intelligence while fortifying cross-product detection and response.

12 of the most prominent banks gathered at Tel Aviv Stock Exchange (TASE) on May 31st, 2023, to participate in Project Eden, a highly-anticipated PoC of the first digital government bond issued by the Israeli Ministry of Finance. International and domestic banks – Barclays, BNP Paribas, Deutsche Bank, Goldman Sachs, J.P.

APIs were already ubiquitous in driving modern applications. However, the pandemic has further accelerated growth in innovation and expansion of digital services, making APIs even more widespread. In today’s world, rapid innovation would not be possible without secure APIs. Attacks on APIs are increasing exponentially. Gartner suggests API abuses are the most significant attack vector since 2022. Hence securing APIs is more critical than ever in the past.

CircleCI is a platform that enables continuous integration and delivery of software projects. It allows teams to automate their software development process by building, testing, and deploying their code changes in a consistent and reliable manner. In this blog post, we will explore the Tactics/Techniques/Procedures (TTP) of how environment variables that house sensitive credentials and secrets can be exfiltrated using Circle CI.

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.

Discover the importance of including public GitHub monitoring in your external attack surface management strategy to mitigate the risk of sensitive information exposure. Learn the steps to protect your organization from potential breaches in this blog post.