Threat actors impersonate HR in seasonal phishing campaign, Zloader receives new features and capabilities, and new details emerge about Secret Blizzard.
With the exponential expansion of AI, bad actors are frothing at the mouth. Advanced technology for automating social engineering techniques that previously required technical know-how is now within arm’s reach of anyone with a keyboard. Attempts to exploit and deceive are more common than ever, and they are emptying business’s pockets. In 2023, 800 businesses worldwide reported fraud losses totaling 6.5% of their revenue, amounting to $359 billion.
The rise of Non-Human Identities (NHIs) — think APIs, bots, service accounts, and machine identities — has expanded the attack surface in ways we’re only beginning to understand. NHIs now outnumber human identities in enterprise environments, often by a staggering ratio. While they streamline processes, enable scalability, and facilitate automation, these identities also present significant security risks.
Launched as an internal project by Spotify in 2016, Backstage was released under the Apache 2.0 open source license in 2020 to help other growing engineering teams deal with similar challenges. Backstage aims to provide a consistent developer experience and centralize tools, documentation, and services within a single platform.
Next time you’re outside on a clear night, look up at the stars and start counting. Chances are you’ll lose track, skip over some or completely forget where you started—there are just so many. Now imagine that vast sky is your enterprise, and each sparkling dot represents an identity (or account). Can you find them all—let alone secure them? If you’re like most organizations out there, the answer is no.
In 2020, scalper bots made headlines by hoarding PlayStation 5 consoles. Lockdowns and online-only sales allowed bots to dominate the market, leaving frustrated consumers empty-handed. Today, scalper bots are even more dangerous. Criminal groups behind these operations have evolved. They are organized, professional, and focused on more sustainable targets: low-value items in massive quantities.
While GitHub offers robust features, preventing data loss risks requires proactive measures. It’s vital as businesses increasingly rely on GitHub for source code management, safeguarding repositories against data loss, breaches, and operational disruptions. This overview explores the 15 most common data risks and provides actionable strategies for securing repositories and maintaining seamless development workflows. Contents hide 1 Risk 1. Accidental deletion of repositories 2 Risk 2.
We’re officially in the final days of 2024, a year so eventful it feels difficult to remember half of what happened. We had the Olympics in Paris, which turned the world into fans of sharpshooting, breakdancing, and the pommel horse; a solar eclipse visible in totality from the US for the first time since 1979; and a monthslong, very impassioned rap battle between Kendrick Lamar and Drake.
Restricting access to critical data and systems is the backbone of strong organizational cybersecurity. Zero standing privileges (ZSP) is an access management strategy that helps organizations limit access to resources as much as possible in order to minimize cybersecurity risks. In this article, we’ll explore the elements of a ZSP strategy, explain the risks related to standing privileges, and examine how to implement ZSP in your organization.
In 2024, we shipped numerous features to help security teams manage their growing attack surface. Some examples are Domain Connectors for continuous discovery, a new Integrations platform for greater flexibility, and a Domains page for unprecedented control over attack surface data. Read on to explore our highlights of this year, check out the top vulnerabilities that made headlines, and discover what lies ahead in 2025.