Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack. We’ve seen email attachments being used in cyberattacks for decades now, so it shouldn’t come as a surprise to anyone working in an office that a strange attachment type may be malicious. And yet, this trend continues, despite threat actors changing which types of attachments to use.

Seeking very large paydays, Vendor Email Compromise (VEC) threat actors are finding out what works and repurposing their content and processes to increase chances of seeing a massive payout. VEC is a form of Business Email Compromise (BEC) where an email account isn’t just impersonated (e.g., using someone’s name, a lookalike domain, etc.) but actually compromising credentials and taking over an account of someone within an organization.

A recap of Q2 from Cisco Talos’ incident response services provides insight into exactly what kinds of attacks are being seen in the field, and what kinds of attacks you need to be protecting against. While I love covering industry reports here, I also love to see practical experiences from the field summarized into trends. And that’s exactly what we find with Cisco Talos Incident Response’s Incident Response trends Q2 2023 recap.

Many of us have received a phone call or other notification from a credit card company telling us that they’ve detected suspicious activity on our card. Was it us? Did we just spend $500 at that big box store up the road? No? Thank you; there’ll be no charge. Or, if that was you, then you need take no further action.

A few weeks ago, GitHub posted on their blog a recent security alert that should have any organization in the tech industry worried. GitHub identified a social engineering campaign that is targeting personal accounts of employees that work for technology firms. This campaign is using a combination of repository invites and malicious npm package dependencies to strike.

The World Wide Web, now simply referred to as the Internet, is by far the most significant technological revolution in tech history. The current generation of the internet is Web 2.0, which allows users to browse and write content powered by centralized data centers. Today the cyber world is rapidly progressing towards Web 3.0.

A threat actor is an individual or group that purposefully exploits weaknesses in computer systems, networks, devices and individuals for their own benefit. There are many different types of threat actors, with each of them having their own motives and skill levels. Some types of threat actors include cybercriminals, insiders, hacktivists and nation-state threat actors. Continue reading to learn what threat actors do, the tactics they use and how to stay safe from them.

The Document Object Model (DOM) acts as an interface between HTML and JavaScript, bridging the gap between static content and dynamic interactivity. This function makes the DOM indispensable for modern web developers. However, the DOM has a pitfall — DOM clobbering. DOM clobbering occurs when HTML elements conflict with global JavaScript variables or functions, which can lead to unexpected behavior and a potential security loophole in your web application.

Veracode recently released Static Analysis support for Dart 3 and Flutter 3.10. This makes it possible for developers to leverage the power of Dart and Flutter and deliver more secure mobile applications by finding and resolving security flaws earlier in the development lifecycle when they are fastest and least expensive to fix.

When a company contracts or partners with a third party to handle and process its sensitive customer data, it is crucial for those third parties to use effective strategies to safeguard that data. Third parties should treat the data they handle from organizations as their own, complying with regulations and security requirements set by the organization.