Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On February 15th, our friends at Semgrep hosted a meet up for the OWASP community at their beautiful office in San Francisco. Application security professionals and developers in the San Francisco tech community showed up to discuss what has been working for them, what isn’t working, and upcoming trends in the world of application security. In this short recap, we’ll explore some of the topics discussed by Semgrep’s Kyle Kelly and our very own Aviram Shmueli.

The success of any application or cloud security initiative depends on developer buy-in, so they can fix vulnerabilities before arriving in production. So why can it be challenging to empower developers to secure their code early? The answer is simple: security is usually slow. Developers are motivated to deliver innovative features faster than their competitors, so introducing new processes into the CI/CD pipeline that slow them down could understandably be met with resistance.

This blog article summarizes a talk given by David Melamed, Jit CTO, at Pycon DE & PyData 2022 in Berlin. In every software development project, before even writing the first line of code, you gotta pick an architecture for your repo. Picking an architecture is not easy. There are many tradeoffs that need to be considered and this choice will impact future development.

Cyjax has continued to observe the emergence of data-leak sites (DLSs) for extortion and ransomware groups, with ContFR, Argonauts, Kairos, Chort, and Termite, appearing November 2024 alone. Cyjax has identified the emergence of a Tor-based DLS belonging to a new, self-called “cybercrime group” named ‘Funksec’. This group has claimed 11 victims so far and advertises a free Distributed Denial-of-Service (DDoS) tool.

The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.

Cloud computing is no longer just a choice—it’s a necessity for modern organizations aiming to thrive in today’s business environment. Infrastructure scalability, cost management, and multi-layered security are driving organizations toward cloud solutions. But finding the right partner to guide this transition is often the biggest challenge. High Point Networks, an established IT services provider, successfully tackled this challenge by partnering with 11:11 Systems. The result?

Trustwave has launched two additional Microsoft Security accelerators designed to quickly increase an organization’s security maturity and identify potential cost-saving initiatives. The new accelerators are focused on Microsoft Purview and Microsoft Entra ID.

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

A year ago, Bitsight TRACE published a blog post on Socks55Systemz,a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions.