Dependency Management: Protecting Your Code

Managing dependencies isn’t always easy, but it’s critical for protecting your code. In this guide, we’ll explore what dependencies are and how they can be checked for known vulnerabilities, compatibility, licensing requirements, and more. We’ll then learn that dependency checks should be part of a dependency management strategy to keep applications up to date and reduce security risks and technical debt.

Web Scraping for SEO: Don't Waste Money on Expensive Tools

Of course, everyone wants to dominate the SERPs. It’s a no-brainer! Want to know one of my favorite ways to achieve better rankings? Yup, web scraping! Web scraping is particularly useful for SEO; not only is it very cheap, but it allows you to access hyper-specific data that sometimes is not even visible through SEMRush’s or Ahrefs’ databases. Keep in mind anyone can disallow these two bots (and any bot actually) via their robots.txt.

Top tips: 5 ways to identify fraud calls and prevent financial loss

Top tips is a weekly column where we highlight what’s trending in the tech world today and list out ways to explore these trends. This week, we’re showing you how to spot a fraud call and avoid getting scammed. Microsoft, AT&T, the FBI, and the IRS—what do these four entities have in common? Most likely, you or someone you know has received a call from somebody impersonating these entities.

How Big is Too Big (Of a Password List)? An Analysis of the RockYou2024 Password Leak

For both white-hat and black-hat operators, the infamous “RockYou” lists have been a staple of the cyber-security landscape for well over a decade. They are lists of passwords, compiled and repeatedly expanded upon with data leaked over the years to form, in their most recent iteration, a list of approximately 10 billion plain-text passwords.

Ransomware Attacks on Healthcare Are Costing Lives

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

Phishing Attacks Against State and Local Governments Are Surging

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year. The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.” Threat actors often use phishing to gain a foothold within an organization before launching more follow-on attacks.

CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.