Welcome to the second DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aims to disrupt websites (and other types of Internet properties) to make them unavailable for legitimate users by overwhelming them with more traffic than they can handle — similar to a driver stuck in a traffic jam on the way to the grocery store.

In the digital age, an organization’s cybersecurity posture is as strong as its intelligence. Open-source intelligence (OSINT) has emerged as a vital tool for businesses, non-profit organizations, and governments alike to fend off cyber threats. This guide offers a deep dive into the realm of OSINT, detailing its importance, applications, challenges, and how SecurityScorecard’s cybersecurity assessment platform empowers organizations to utilize it effectively.

New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.

CIS IIS 10 Benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft Internet Information Services (IIS) version 10. The benchmark provides guidance for establishing a secure configuration posture for IIS version 10. The benchmark is divided into two levels of security controls: Level 1 and Level 2. Level 1 provides a set of fundamental security measures that can be implemented with little or no impact on service availability.

Cross-site leaks (XS leaks) are a class of web security vulnerabilities that allow hackers to obtain sensitive information from a user’s browsing session on other websites or web apps. Modern web applications share data through various features and APIs — a function attackers can exploit to access this user data.

CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates.

As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations.

By streamlining application security for the enterprise, Polaris is redefining secure development. As organizations increasingly prioritize operational efficiency, the importance of incorporating application security (AppSec) programs into their processes becomes increasingly evident. They must also address the challenges of managing multiple AppSec vendors while reducing costs and optimizing dataflow. Further, they need to consolidate and minimize system upgrade efforts.

An insider threat is a cyberthreat that happens within an organization. Insider threats occur when current or former employees, partners, contractors or vendors cause sensitive data and systems to become compromised or steal data for their own malicious purpose. Insider threats can be intentional or unintentional, depending on the goal of the insider and if the insider is working with someone else.