Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 11th, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released an advisory highlighting the active malicious exploitation of CVE-2023-27350 in PaperCut MF and PaperCut NG software by a threat actors including one known as the Bl00dy Ransomware Gang. The US-CERT Alert (AA23-131A) Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG includes detailed information about this investigation (along with attacker TTPs and IOCs).

After tons of hard work, your company has successfully completed a SOC 2 audit and received a well-deserved SOC 2 report! Congratulations! Receiving your SOC 2 attestation is no easy feat, and it’s a significant milestone that demonstrates your company’s commitment to security and trust assurance. If you’re not sure what to do next, no worries – the hard part is done.

Open source code is everywhere, and it needs to be managed to mitigate security risks. Developers are tasked with creating engaging and reliable applications faster than ever. To achieve this, they rely heavily on open source code to quickly add functionality to their proprietary software. With open source code making up an estimated 60-80% of proprietary applications’ code bases, managing it has become critical to reducing an organization’s security risk.

Cybersecurity, privacy and data flows will be key topics at this year’s G7 in Japan. Against this backdrop, it has been a year since last year’s amendments to the Act on Protection of Personal Information (APPI) introduced revised data breach reporting and cross-border data flow rules. Meanwhile, developments in the Asia-Pacific (APAC) region have introduced data localization obligations in a variety of countries.

New data from the U.K.’s Office of National Statistics shows that this often overlooked scam has grown significantly in interest – likely because it pays off. If you’re not familiar with this kind of scam, it’s pretty simple: the scammer presents the victim with an opportunity for a grant, a prize – something of value – but requires a small payment up front (often called a processing fee, etc.).

As cyber attacks continue to grow in sophistication, frequency, cyber insurers are expecting their market to double in the next two years. I’ve spent a lot of time here on this blog educating you on attack specifics, industry trends, and the impacts felt by attacks. I’ve also talked quite a bit about cyber insurance and the trends therein. But seldom have we been able to combine the two and present the state of cyber attacks from an insurer’s perspective.

A phishing (by email) and smishing (by SMS text) operation in Madrid, Seville and Guadalajara has been taken down by the National Police of Spain.

In today’s Trust Issues episode, Dusty Anderson, a managing director of Global Digital Identity at the consulting firm Protiviti, digs into all things DevSecOps and cautions against a one-size-fits-all approach. In conversation with host David Puner, Anderson emphasizes the significance of strategic planning and well-defined goals – demonstrating how bite-sized steps can add up to major security wins and bottom-line benefits over time.

Read also: A British hacker pleads guilty to the 2020 Twitter hack, China reports the first arrest over the use of AI, and more.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. This is bad. Really, really bad…