Dropbox is known for being a convenient file sharing and storage tool. For over a decade, Dropbox has allowed teams to collaborate cross- functionally by providing a single source of truth. With files being managed and synced to a central location, teams can work together without issues of version control. Even in a post- Google Drive and OneDrive era, Dropbox remains important, as not everyone uses the same productivity suites.

Since launching in 2015, MITRE’s ATT&CK framework has been the cybersecurity industry standard for understanding cyber-attacks and their kill chains. Now the BLADE framework is set to develop a similar understanding of business logic attacks fueled by malicious bots. In this post, we will look at why MITRE ATT&CK is so important and examine why BLADE is needed now more than ever.

These days, it’s not a matter if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 543 sites comprising 11.4 billion accounts. This includes well-known names like Wattpad, MySpace, and Facebook. This is an 84% increase in the number of sites and a 115% increase in the number of accounts from when I published the first version of this article in 2018.

Attackers have long used phishing emails with malicious Microsoft Office documents, often hosted in popular cloud apps like Box and Amazon S3 to increase the chances of a successful lure. The techniques being used with Office documents are continuing to evolve. In August – September of 2020, we analyzed samples that used advanced techniques like: In January 2021, we examined samples that use obfuscation and embedded XSL scripts to download payloads.

Sometimes the hardest part of any project is getting started. But when it comes to strengthening your security operations program, the escalation of cyberattacks over the last few months have shown us there’s no time to waste. You need to make sure you’re leveraging threat intelligence throughout your security operations to understand your adversaries, strengthen defenses, and accelerate detection and response.

Security and IT teams may be loathe to admit it, but security has historically been mostly a reactive affair. Security engineers monitored for threats and responded when they detected one. They may have also taken steps to harden their systems against breaches, but they didn’t proactively fight the threats themselves. That is changing as more and more teams add threat hunting as one pillar of their cybersecurity strategies.

One of the worst things about ransomware attacks isn’t just the mayhem they cause as your data is encrypted by criminals and your business is put on hold — it’s not knowing when they’ll happen. But what if you had some advance notice about the next cyberattack before it hit? What if you could find out if your data was up for bid on the dark web?

Ethics and compliance is becoming a burgeoning industry as an increase in government regulations in areas such as sustainability, diversity, and data privacy make compliance an important focus for companies. It’s especially important in tech companies as the ever-growing risk of cybersecurity breaches requires that security teams be vigilant in protecting sensitive data.

Following on from my previous post on testing for PHP Composer security vulnerabilities, I thought this post might be useful in helping create more secure applications that prevent PHP code injection. As developers, we build apps to help make end users’ lives easier. Be it entertainment, workplace or social network application, the end goal is to protect the users we build for by ensuring we build security into the code.