A threat actor sends an email to a user at an organization claiming to be from the IT department. They need a password to a critical application, and the email is convincing – it mentions aspects of the application that would only be known to the user, it brings up a recent update email that was sent out company wide, and it even closes with a friendly, “Hope to see at next week’s happy hour!” in the sign-off.

We are delighted to announce that UpGuard has once again been recognized as the Leader in Third-Party and Supplier Risk Management Software by G2. The publication of G2's Summer 2024 report marks eight consecutive quarters were UpGuard was named a Category Leader. Established in 2012, G2 is a trusted resource for software reviews and customer feedback. It guides over 90 million users, including employees from all Fortune 500 companies, in making informed software choices.

The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.

Initial access brokers (IABs) facilitate access for ransomware groups, data brokers, and advanced persistent threat groups (APTs) into corporate networks. They operate in an established, lucrative market, often on cybercriminal forums which are characterised by rigid rules and conventions. Our report explaining the illicit activities of IABs can be viewed here.

Security misconfigurations are a common and significant cybersecurity issue that can leave businesses vulnerable to data breaches. According to the latest data breach investigation report by IBM and the Ponemon Institute, the average cost of a breach has peaked at US$4.35 million. Many data breaches are caused by avoidable errors like security misconfiguration. By following the tips in this article, you could identify and address a security error that could save you millions of dollars in damages.

DevOpsDays Chattanooga 2024 delivered key insights on collaboration, security, and agile workflows with engaging talks, ignite sessions, and open discussions.

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased security risks, inefficient resource utilization, and the frustrating experience of redundant or hard-to-locate services across teams. Postman details the explosive growth in APIs in their State of API report.

As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns.

Cyjax recently identified a new financially-motivated extortion group going by the name Kairos, which shares data stolen from its victims on a data-leak site (DLS). An alleged spokesperson for the group, named ‘KairosSup’ made a bid on an initial access broker (IAB) listing on a prominent Russian-language cybercriminal forum. It is of note that the spokesperson’s name is likely styled after the representative of prolific ransomware group LockBit, who is called ‘LockBitSupp’.