Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2023, identity theft and fraud reached significant levels, with various reports highlighting the extensive impact on consumers and businesses. The Federal Trade Commission (FTC) reported that consumers lost more than $10 billion to fraud, marking a 14% increase from the previous year. Identity theft remained a pervasive issue, with nearly 560,000 cases reported in the first half of 2023 alone.

Accessing passkeys from multiple devices can be a hassle if you don’t use a passkey manager since they’re tied to the device on which they’re generated. This means you’d have to create a passkey on multiple devices or scan a QR code to access a passkey from devices that use different Operating Systems (OS). This is inconvenient, which is why you should consider investing in a password manager to store and manage your passkeys.

Here’s what you need to know about the progression of the Polyfill supply chain attack and how to respond.

Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.

In 2023 alone, there were over 3,200 reported cyberattacks, with over 350 million victims in the United States. That’s not to mention the undetected or failed attacks by these cybercriminals, both external and internal, to get access to sensitive data and customers’ Personal Identifiable Information (PII).

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

The threat of phishing attacks looms larger than ever. The LA County Department of Public Health recently announced that 50 employees fell victim to phishing attacks, compromising sensitive patient data. These deceptive schemes have become a staple in the cyberthreat landscape, targeting individuals and businesses of all sizes. For every employee, understanding the signs and consequences of a phishing attack is crucial to safeguarding their organization.

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR).

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry. “Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts,” the advisory states.