Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Are you leaving your APIs vulnerable to attacks? OWASP revealed that Broken Object Level Authorization is among the top 10 most critical API security risks list. It is number 1 on OWASP API Top 10, 2019. Even large companies like Facebook, Uber, and Verizon, with thousands of engineers and dedicated security teams, have experienced BOLA attacks. Before diving into Broken Object Level Authorization, here are a few terms you’ll need to be familiar with.

Cloud adoption and use in corporate environments are rising, and its future looks bright. Business spending on Cloud services indicates this upward trend, as it increased by 29% in the second quarter of the year compared to the same period last year. Cloud migration has ushered in changes to regulations to consolidate data security according to the nature of the business.

Read also: A global phishing syndicate used over 500 apps to steal data from phones, MITRE unveils a free tool to help organizations strengthen cyber resilience, and more.

Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials. The use of HTML smuggling has become more prevalent, and we have since seen various cybercriminal groups utilizing these techniques to distribute malware. HTML smuggling employs HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code.

We’re all in on passkeys, and we’re starting with 1Password.

In this highly technology-driven world, no company is completely safe from cyber-attacks. Even one of the IT giants – GitHub faced exploitation, leading to the stealing of their Code Signing Certificates. There was only minimal impact on the organization and its software products. But, from the incident, almost every small, medium, and large-scale company has got aware of securing their software publisher certificates.

Clicking on malicious links can lead to compromised accounts and can infect your devices with malware. Learning how to check if a link is safe, before clicking on it, is important to keeping you safe online. You can check if a link is safe by hovering over the link to see if it’s the URL it’s saying it is or by using a URL checker.

This is part 2 of the blog series on the MITRE ATT&CK framework for container security, where I explain and discuss the MITRE ATT&CK framework. For those who are not familiar with what the MITRE framework is, I encourage you to read part 1. In my previous blog post, I explained the first four stages of the MITRE ATT&CK framework and the tactics used by adversaries to gain a foothold in the network or the environment within a containerized application. What happens next?

At JFrog, we’re serious about software supply chain security. As a CVE Numbering Authority, our JFrog Security Research team regularly discovers and discloses new malicious packages and vulnerabilities posing a threat to development organizations. We know that in order to deliver trusted software on demand, you must have a secure software supply chain — making security a priority in everything we do.

When we published the Elastic Global Threat Report in 2022, it included threat trends and correlations from our analysis of telemetry data shared by our users. In addition to telling us about how well features work for them, it also represents our visibility of the threat landscape. About 34% of the techniques we saw were related to defense evasion, which we believe is a direct result of endpoint security innovations.