Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.

While cybersecurity might be under the umbrella of IT, make no mistake: a breach will impact the entire business, making it the entire organization’s responsibility to be able to understand and take action on risk. This means that your organization needs to have a holistic view of risk that can enable the risk intelligence required to not only have technical discussions, but business conversations about cyber risk.

Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ultimately allows you to expose HTTP and HTTPS from outside the Kubernetes cluster so you no longer need to expose each service separately—something that can be expensive and tedious as an application scales, resulting in an increase in services.

In March 2022, PCI DSS launched a 4.0 version, which sets the operational and security standards for users. This new version is the replacement for the 3.2.1 variant. The authorities have upgraded the version to enhance security measures and help individuals and businesses handle growing security threats seamlessly. Financial companies have been sending feedback for the inefficient payment systems, due to which the PCI DSS launched a new security version PCI-DSS v4.0.

In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms.

According to IBM’s Cost of a Data Breach report In 2021, data breach costs rose from $3.86 million to $4.24 million, exhibiting the highest average total cost in the 17-year history of their report. A new report from the Department for Culture, Media, and Sport (DCMS) has revealed that data breaches have become more costly for medium and large businesses in the UK. The report shows how medium-sized and large firms lost an average of £19,400 in 2021.

Behind tremendous interest in zero trust security and its crucial role in the SASE journey, many practitioners choose zero trust network access (ZTNA) as their first step toward transformation. If you are planning a ZTNA project, here are some ideas and tips that can increase your odds of success and provide a smooth transition from legacy remote access VPNs to ZTNA.

You might think that the majority of cybersecurity breaches result from carefully planned and executed attacks. You may imagine hackers expertly crafting phishing emails to con employees into giving away access to critical systems, for example, or planting state-of-the-art malware on victims' servers. The reality – as Zenity co-founder and CTO Michael Bargury explains in his most recent Dark Reading column – is less interesting, and perhaps more worrying.

BlackGuard is a fairly new info stealer from the end of January 2022 with a business model of Malware-as-a-Service (MaaS). The malware is sold in underground forums and a dedicated Telegram channel of the operators’ named blackteam007.

Each year, CyberEdge publishes the Cyberthreat Defense Report (CDR). Aimed at IT security leaders, this comprehensive report outlines the threats, security issues, and industry concerns that are most pressing. Information summarized in the CDR is gathered through surveys conducted in 17 countries and 19 industries. Respondents are IT decision-makers in organizations with at least 500 employees.