Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks. Last month, we shared a widespread npm attack that targeted users of Azure npm packages. Over the past three weeks, our automated scanners have detected several malicious packages in the npm registry, all using the same payload.

In our new threat briefing report, Forescout’s Vedere Labs analyzes an Emotet sample, presents a list of IoCs extracted from the analysis and discusses mitigation. Emotet is the name of both a cybercrime group and a malware loader it distributes. The group is also known as MUMMY SPIDER, while the malware is also known as Geodo or Heodo.

‍Yes, even basic technology like SIM cards poses the risk of getting hacked. Today, cell phones have almost become tiny supercomputers, so users must learn how to secure their mobile phones. From social engineering scams to SIM hijacking, sensitive data can easily become compromised without adequate cybersecurity awareness. Learn more about why SIM card hacking is on the rise and how you can prevent it from happening.

It’s 3pm on a Wednesday, and you’re really just done with the week already. You hear that “ping” from your Slack and know that you set notifications for direct messages only, which means, ugh, you have to pay attention to this one. It’s your boss, and she’s telling you to check your email. Then you see it, the dreaded audit documentation request. This will take you the rest of today and most of tomorrow.

Cyber security risks have never been more apparent and costly. According to the survey data, the average cost to the U.S. organizations that experienced a cybersecurity breach in 2020 was approximately 8.64 million dollars per incident, up almost a half-million dollars from 2019. Rates of cyber security attacks and identity theft have significantly increased and seem to be only becoming easier for hackers and cybercriminals.

Ever need to share a password with someone, maybe a friend, a contractor or a business associate but they don’t have a Keeper account? Keeper is pleased to announce the launch of One-Time Share, a new feature that lets Keeper users securely share records with anyone on a time-limited basis, without the recipient having to create a Keeper account.

Once a malicious actor has gained initial access to an internal asset, they may attempt to conduct command and control activity.

Privileged account management is the process of identifying, controlling and monitoring privileged accounts and their associated activity. Privileged accounts are typically high-level administrator accounts that have broad access rights across an organisation’s IT systems. Because of their elevated level of access, these accounts pose a significant risk if they were to fall into the wrong hands.

In Q1 2022, Kroll observed an 54% increase in phishing attacks being used for initial access when compared to Q4 2021. For the first time since the Microsoft Exchange vulnerabilities in Q1 2021, email compromise surpassed ransomware as the top threat incident type observed.

NIST (National Institute of Standards and Technology) is a federal agency under the responsibility of the US Department of Commerce. Established in 1901 to promote innovation and industrial competitiveness in the US, NIST helps organizations advance measurement science, technology, and standards to improve the quality of life for citizens and enhance economic security.