The total number of phishing attacks doubled in 2020, with phishing for cloud credentials, specifically SaaS and webmail app credentials, accounting for nearly a third of the targets of phishing campaigns. Over the same period, we saw cybercriminals hosting 13% of their baits in cloud apps. This blog post summarizes the top phishing trends from 2020 and looks forward at what to expect for the rest of 2021.

Inherent risks include all risks that are present without any security controls. Residual risks are the risks that remain after security controls are implemented. Residual risks are inevitable. Even with an abundance of security controls, vestiges of residual risks will remain that could expose your sensitive data to cyber attacks.This is because the proliferation of digital transformation expands the digital landscape, creating more attack vectors.

Attacks against operational technology (OT) and industrial control systems (ICS) grew dramatically in the past few years. Indeed, a 2020 report found that digital attacks against those two kinds of assets increased by over 2000% between 2018 and 2020. Many of those attacks involved vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems and other ICS hardware components or password spraying techniques.

King & Wood Mallesons (KWM) is among the world’s most innovative law firms and is represented by 2,400 lawyers in 28 locations across the globe. The international law firm, based in Australia, helps clients flourish in Asian markets by helping them understand and navigate local challenges and by delivering solutions that provide clients with a competitive advantage.

The recent executive order calling for immediate improvements in the federal government’s cybersecurity is impressive. I give the Biden Administration a lot of credit for publicly admitting there are significant problems and weaknesses in the federal government’s IT and cybersecurity infrastructure and practices. The order also includes some key points that are significant for Devo and our customers.

Scalpers are becoming increasingly sophisticated, not just in their use of advanced bots, but also in less obvious ways to get a hold of their desired goods. Here at Netacea we are dedicated to preventing fraud by monitoring, identifying and stopping malicious bots in their tracks. We are so steadfast in this goal that we have even created a MITRE ATT&CK style framework that defines automated attack kill chains – NetBLADE (Netacea Business Logic Attack Definition).

Security and speed in software development are not mutually exclusive. Red Hat, the open source software giant, and the Synopsys Software Integrity Group are joining forces to prove it. Synopsys is bringing Seeker®, its automated interactive application security testing (IAST) tool, to Red Hat application runtimes like JBoss EAP, OpenJDK, and WebSphere with OpenShift Container Platform to secure a variety of software applications.

NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce, and is one of the oldest physical science laboratories in the United States. As a non-regulatory government agency, NIST was originally founded to enable greater industrial competitiveness in the United States. Its focus stems from the mantra, “One cannot manage what is not measured.

As announced last week by our good friends at the Node.js Foundation, Snyk has agreed to take over from the amazing Node.js ecosystem vulnerability disclosure program. As a company that’s been part of this program from a very early stage — and has been inspired by it to create our own multi-ecosystem disclosure program — it is a great honor to have been entrusted with this responsibility, and we thank the Node.js Foundation sincerely for their trust in this matter.