Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 15, the FBI arrested an individual suspected of being the notorious Pompompurin, the admin of one of the most popular cybercrime forums today – BreachForums.The individual is a 21-year-old, Conor Brian Fitzpatrick who federal agents claim admitted to being the famous Pompompurin. Pompompurin is a famous cybersecurity individual which whom anyone in the community is familiar. The BreachForums is still up and running and is currently managed by another admin named Baphomet.

Due to economic pressures, staffing reductions, and lack of available talent, CISOs today are facing extreme pressure to do more with less. And retaining your best employees during tough times is becoming a major challenge across industries. Research at Devo shows SOC analysts are feeling stressed over too much work and not enough resources. In fact, more than 71% of SOC professionals we surveyed said they’re likely to quit their job because of information overload and lack of tools.

Java is a top-notch software development technology, that gets highly used for curating desktop, mobile, and web-based applications. According to enlyft, 455,000+ companies are using applications based on java. But, with the introduction of newer technologies, hackers have become more competent in breaching and java apps are one of their primary targets. And the main reason behind it is the occurrence of loopholes in it, including the Spring4Shell/Springshell vulnerability.

A disaster recovery plan (DRP) is a set of detailed, documented guidelines that outline a business’ critical assets and explain how the organization will respond to unplanned incidents. Unplanned incidents or disasters typically include cyber attacks, system failures, power outages, natural disasters, equipment failures, or infrastructure disasters.

Organizations face a growing number of external cyber threats that are becoming increasingly sophisticated and harder to detect. With the rise of remote work and cloud-based technologies, organizations’ attack surface has expanded significantly, making it difficult for security teams to maintain a strong defensive posture.

The NBA is a national sports league that manages many different leagues under its umbrella of organizations. The league has the NBA 2K League, NBA, Basketball Africa League, the WNBA, and the NBA G League. Each of these different organizations trusts the company with their information, and each one could have been exposed in the recent data leak by the company.

On March 2nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint Cybersecurity Advisory (CSA) – #StopRansomware: Royal Ransomware. We highly encourage everyone in a security role to read the Advisory, as it contains recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware.

In today’s digital world, identity theft and fraud have become increasingly common occurrences. It is no secret that fraudsters are getting more creative, making it more challenging for businesses and individuals to protect themselves. However, with the advent of technology, there are various ways to mitigate these risks, such as using government databases for ID verification.

Corporate IT infrastructure has become crucial to the success of the modern business. Disruption in the availability of corporate applications and services will impact employee productivity and business profitability. Companies are responsible for the resiliency of their own IT systems and this includes ensuring the constant availability of critical business applications for employees, customers, and partners.

Security Week 2023 is officially in the books. In our welcome post last Saturday, I talked about Cloudflare’s years-long evolution from protecting websites, to protecting applications, to protecting people. Our goal this week was to help our customers solve a broader range of problems, reduce external points of vulnerability, and make their jobs easier. We announced 34 new tools and integrations that will do just that.