Cybersecurity
Russia’s APT28 Uses GooseEgg to Exploit CVE-2022-38028
Overview of APT28’s Cyber Operations: APT28, also known as Fancy Bear and Forest Blizzard, is a notorious Russian state-sponsored hacking group linked to the Russian military intelligence agency GRU, specifically Unit 26165. This group has been active for over a decade and is primarily involved in cyber espionage activities aimed at collecting intelligence to support…
Rise of the Machines: Bots Now Dominate Nearly Half of All Web Traffic
In 2023, the digital landscape saw an unprecedented surge in bot traffic, accounting for nearly half (49.6%) of all global Internet traffic, according to Thales’ 2024 Imperva Bad Bot Report. This represents a 2% increase from the previous year, reaching the highest level recorded since automated traffic monitoring began in 2013. Evolving Threat of Malicious…
XZ Utils Under Siege: Unmasking the Stealth Backdoor Menace
The cybersecurity landscape is abuzz with the recent uncovering of a meticulously crafted backdoor within XZ Utils, an essential open-source data compression tool widely used across Linux and Unix-like systems. This revelation, brought to light by a vigilant Microsoft developer, underscores the sophisticated nature of supply chain attacks that target the very core of open-source…
The Era of Streamlined Cybersecurity: Embracing Automated Penetration Assessments
In today’s digital age, safeguarding network infrastructure is more crucial than ever. Traditionally, penetration testing, a critical component for identifying exploitable security gaps, has been a resource-intensive task. This has led many organizations to limit such evaluations to annual compliance exercises, often overlooking the dynamic nature of cyber threats. However, the landscape is evolving rapidly…
Human versus Non-Human Character in SaaS
In the rapidly evolving landscape of SaaS security, the emphasis has traditionally been on human users. However, a critical aspect often overlooked is the management of non-human entities accessing these systems. While human-centric security measures like MFA and RBAC are well-established, non-human entities such as integrations, service accounts, and API keys present unique challenges that…
Mastery of Cybersecurity: A Deep Dive into CTEM
Focus on Critical Risk Areas: But what sets CTEM apart, and more importantly, how does it transcend the existing landscape of Vulnerability Management? At the core of CTEM lies the ability to unearth tangible, actionable threats to vital assets. While anyone can identify security gaps within an organization’s ecosystem, the real challenge lies in sifting…
APIs Serve as the Backbone of Internet Traffic and Present Opportunities for Cybercriminals
Application Programming Interfaces (APIs) play a vital role in facilitating digital transformation by enabling the exchange of data between applications and databases. According to the 2024 State of API Security Report by Imperva, a Thales company, APIs accounted for a significant portion of internet traffic, comprising 71% of all web traffic in 2023. Additionally, a…
Creating a Culture of Cybersecurity Awareness within Your Organization
As the complexity of cyber threats continues to increase, it’s crucial for organizations to prioritize cybersecurity awareness at every level of the company. Implementing thorough cybersecurity awareness training provides employees with the knowledge needed to recognize risks and respond effectively in the event of a security incident. Beyond simply reducing potential harm, robust awareness programs…
How to Protect Yourself From New Scams During the Pandemic
By May, the Internet Crime Complaint Center had already received 320,000 reports of fraud and similar crimes. In the face of these rising threats, you need to take action to protect yourself.
The Ultimate Guide for E-commerce Website Security in 2020
E-commerce and retail industries are plagued with hackers’ destructive activity. Here is what you can do to protect your store.