A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack Whittaker at TechCrunch. The scammers target users of Amazon, Bank of America, Capital One, Chase, Coinbase, Instagram, Mastercard, PayPal, Venmo, Yahoo and more.

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack. The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block.

Read also: MIT brothers charged with a $25M crypto theft, BreachForums hacking forum seized, and more.

An organization’s software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in areas where organizations lack visibility.

As technology becomes more complex, the need for strong cybersecurity measures has never been more critical. Statistics speak for themselves – according to the 2023 Annual Data Breach Report, the world has seen a 78 percent increase in 2023 in data compromises compared to the previous year. The reasons can be different – from human mistakes and ransomware to security misconfigurations.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A request for an eye watering amount received an obvious rejection.

Law enforcement agencies worldwide have coordinated to take down one of the world’s largest hacker forums, scoring a victory against cybercrime. BreachForums, a notorious marketplace for stolen data, was seized by the authorities on Wednesday, according to a message on its website.

It’s been a while since I’ve blogged. Things have been busy; Bitsight released a great report authored by yours truly on CISA’s KEV catalog. It’s really great if I do say so myself so I highly recommend going and giving it a glance.

In the modern era of digitized operations, even non-tech companies must prioritize cybersecurity and operational resilience. This especially applies to industries where security is of paramount importance, such as the financial industry.

In this guide, we'll walk you through integrating CyberArk Conjur with GitGuardian, step by step.