Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Misconfigurations leave the door open to cybercriminals, which can lead to a range of serious problems, unauthorized access, loss of sensitive information, and disruption of services. In fact, many major data breaches are caused by misconfigurations. Alert to these dangers, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released a joint advisory to warn about the most common cybersecurity misconfigurations in large organizations.

We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface.

Ready to go truly passwordless? Starting today, anyone can join our public beta and create a new 1Password Individual account using a passkey.

As we gear up for the holiday season and prepare to hit the online shops for some last-minute online gifts, now is the perfect time to refresh our memories about the importance of staying safe online during this busy shopping season. Along with some festive fun, we still want to spread the importance of staying safe online, as this is prime time for Christmas scams and frauds. So we made these cyber security posters with your online security in mind with a Christmas twist of our unique sense of humor.

With over 50,000 in attendance, AWS re:Invent 2023 had generative AI taking center stage at keynotes, race cars, and robots wowing at the Expo. Once again, Snyk showed up in a big way. Some of our highlights included being awarded the AWS ISV Partner of the Year in EMEA and UKI, achieving AWS Security Competency, and several new integrations with AWS services. Best of all, we got to meet all of you!

The landscape of coding is changing as developers embrace AI, automation, microservices, and third-party libraries to boost productivity. While each new approach enhances efficiency, like a double-edged sword, flaws and vulnerabilities are also introduced faster than teams can fix them. Learn about one of the latest innovations solving this in a recap of what our security experts discussed at AWS re:Invent 2023.

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case study conducted by our security research team, in an effort to trace the typical time before a package hijack is detected.

As the holiday season comes into full swing, it’s estimated that cyberattacks go up by as much as 30% during this period. To help increase cyber resilience—and stay vigilant well into the new year—SecurityScorecard is sharing some of our key AI predictions for 2024 based on the trends we’ve observed this past year.

Read also: Microsoft takes legal action against cybercrime syndicate, the UK imposed first-ever sanctions for cyber fraud, and more.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Its not new to send Google Forms out for phishing, but another wave is incoming. As always, don’t click on links without checking first…