Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In an era of digital innovation and technological advancements, robust application security has never been more crucial. As cyber threats continue to evolve, organizations must stay ahead of the curve to protect their sensitive data and maintain the security of their users. One project that can help in this process is OWASP (Open Web Application Security Project), a globally recognized non-profit organization dedicated to improving application security.

The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations. It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams.

Read also: A Russian access broker charged in the US, Coinbase fraudster pleads guilty, and more.

In today’s digital age, organizations are often crippled by a cybersecurity environment that is fragmented and complex. The jumble of security data — from intrusion detection systems to vulnerability management platforms and more — scattered and isolated across various tools, hinders a unified approach to security.

If you’re searching for a new job, do so with caution. The rise of job scams poses a real threat to our privacy, finances, and livelihoods. Online scammers are taking advantage of the increase in remote work, Artificial Intelligence, and a competitive job market to post fake job offers or other job scams online.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! There certainly has been an increasing number of VPN breaches of late, many of which are SSL based. Time to get rid?

In many cases, cutting something off is necessary to avoid bigger damage. This is the idea behind controlled infrastructure removal, the elimination of some parts of your cloud infrastructure to contain an attack or remove a potential attack surface. It is an important part of infrastructure-as-code (IaC) management and something organizations need to be familiar with as they secure their cloud environments and the apps they develop.

A buggy rollout or, even worse, a security breach can lead to user frustration, lost trust, and damaged reputation. To keep users happy and your brand protected, you need a robust deployment strategy that balances seamless updates with ironclad security. 32% of customers abandon a brand they love after just one negative interaction. For software teams, this means that every update is a high-stakes moment. Can we ensure both a positive user experience and robust protection during every rollout?

In today's digital age, where interconnectivity is the norm, routers act as custodians of business information. These devices, which can sometimes be undervalued, control data traffic between our devices and the global network. However, recent events have highlighted vulnerabilities that may affect a large number of routers, raising concerns about the protection of sensitive information handled by enterprises.

Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different attackers since they use two very different techniques. One campaign (similar to the previously disclosed Azorult campaign) uses HTML smuggling, a detection evasion technique often used for downloading malware, to hide the phishing content from network inspection.