The automotive industry is experiencing challenge and change from all sides. Automotive OEMs are working to better understand the changing customer journey in relation to their products, and identifying profitable growth opportunities through the integration of digital technology into all areas of the business.
Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small proportion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, from many sources: open source packages, commercial software, infrastructure-as-code (IaC) files, and more.
The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.
For most companies, security and IT systems are growing in complexity, breadth of scope, and coverage, which consumes budget and staff time. The rapid breakdown of the traditional perimeter in this “new normal” world increases the challenges IT teams and remote users face on a daily basis.
AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
In August 2022, password management company LastPass fell victim to a cyberattack, in which hackers breached its systems and stole its source code. LastPass’s success is built around offering secure, trustworthy software, so a hack like this could be seen as a knock against the company — but it also impacts wider public trust in password management software.
Before the world transitioned to digital-first onboarding due to cellphones, high-speed internet, and a pandemic; Banks, financial institutions, and other organisations could verify identities by physically comparing a person’s face to a photo ID. Of course, one could hardly just accept the certification at face value—no pun intended.
Jeff Martin, vice president of product for Mend, was recently interviewed by Michael Vizard from the Techstrong Group. In a fascinating conversation on application security debt, the two shed a spotlight on the insufficiencies of the current security stance of many companies and the budgetary pressures that might be influencing them.
File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder Information Security Program (CISP). CISP became PCI DSS 1.0, and things continued to evolve after that. Which brings us to the present day.
