Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Barracuda have observed an increase in phishing attacks that abuse popular content creation and collaboration platforms. These include online graphic design platforms and document-sharing services widely used by educational institutions and businesses. “The analysts found that attackers are sending out emails from these platforms, featuring legitimate-looking posts, designs, and documents, but with embedded phishing links,” the researchers write.

Imagine the worst-case scenario: a healthcare security leader receives a call in the dead of night, informing them that their network has been breached and all systems are down. Even a minor data breach in the healthcare sector can jeopardize patients’ personal health information (PHI), leading to identity theft, medical fraud, financial loss, or even the disruption of critical, life-saving medical services.

At swampUP 2024 in Austin just a few days ago, we explored the EveryOps Matters approach with the crowd of developers, driven by a consolidated view from their companies’ boardrooms and 2024 CIO surveys. The message was clear: “EveryOps” isn’t just a strategy or tech trend — it’s a fundamental, ongoing mindset shift that must drive developers’ proactive actions in an ever-evolving software landscape. It’s not optional; it’s essential.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’re looking at four ways you can minimize your attack surface. Organizational IT infrastructure is now more spread out, multi-layered, and complex than ever.

At Obrela , our mission is to keep your business in business. And we achieve it by protecting and preventing malicious attacks from cybercriminals. When we onboard new clients, we are often asked to explain the difference between MDR and MSSP. Both options offer managed cybersecurity processes. However, there are some key differences between MDR and MSSP.

The “Zero-Day” term highlights the critical nature of the threat, as the system remains exposed until the vulnerability is addressed. Attackers aim to exploit this gap before a fix can be implemented. Below are some terms to clarify.

In today’s interconnected world, cyber threats continue to evolve at a rapid pace. As businesses grow more reliant on digital systems and services, the cyber security attack surface—the totality of an organisation’s digital exposure—has expanded, increasing the risks faced by security teams. The complex nature of these threats calls for a more adaptive and responsive approach to security, particularly in identifying and mitigating vulnerabilities before they can be exploited.

If you give attackers an inch, they will take a mile. That’s essentially what happens when there are minor flaws in your web applications – these flaws leave one inch of your system’s doors open. Before you know it, sophisticated threats like directory traversal come crawling. Currently, there are 55 different directory traversal vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog.