Granting employees admin status is convenient but risky
One of your employees needs access to part of your customer database so he can fulfill an urgent reporting request. You’re busy and this employee is trustworthy, so you grant him administrative status. Simple solution, right? You’ll revoke it later when you’re done with the other 600 critical things you’re working on right now. Right?…
More Fake Cryptocurrency Apps Deliver GMERA Malware to Mac Users
Previous attacks involving this malware family were observed leveraging malicious versions of the trading app Stockfolio, and security researchers also associated the GMERA Trojan with the activities of North Korean hackers. Recently identified campaigns featuring the malware involved the use of several websites that distributed malicious applications claiming to provide cryptocurrency trading capabilities. The cybercriminals…
The FBI expects a surge of mobile banking threats
The increased use of mobile banking apps due to the COVID-19 pandemic is sure to be followed by an increased prevalence of mobile banking threats: fake banking apps and banking Trojans disguised as those apps, the FBI has warned. The problem The pandemic and the resulting social distancing brought about many changes. Among them is…
Microsoft 365 Apps update changes: What security admins need to know
As more organizations move to the Microsoft 365 platform, Microsoft has acknowledged that we need a more stable monthly update platform for the Office suite. Microsoft has made changes in naming and the patching cadence in response to customers’ concerns. Until May 2020, Office 365 applications were updated using click-to-run technology under three difference schedules…
Application threats and security trends you need to know about
Applications are a gateway to valuable data, so it’s no wonder they are one of attackers’ preferred targets. And since modern applications aren’t a monolithic whole but consist of many separate components “glued together” over networks, attackers have at their disposal many “doors” through which they can attempt access to the data. Easy targets will…
Security and the rapidly growing importance of mobile apps
Organizations are under more pressure than ever before to rapidly produce both new apps and updates to existing apps, not only because it’s essentially the only way they can interact with their customers, but also because there will be a flood of new users who previously relied on physical locations to conduct their business. Continuous…
As companies rely on digital revenue, the need for web and mobile app security skyrockets
As non-essential businesses have been forced to shut their doors around the world, many companies that previously relied heavily on the brick-and-mortar side of the business are now leaning more on revenue from their digital platforms. By 2023, according to research performed by Statista, applications may generate nearly $935 billion in revenue. With increased reliance…
Twitch security and privacy settings
At the end of January, when users’ monthly hours watched surpassed 1 billion for the first time, Twitch developers must have been jumping for joy. The world’s leading video streaming service continues to grow, and if you’re a gamer and like to watch others play, most likely you’re already signed up. Alas, like any popular…
How Visa built its own container security solution
Like many large enterprises, financial services giant Visa has embraced containerization technologies that enable companies to move from legacy monolithic apps to microservice-based application architectures that are easier to maintain, update and deploy at scale on cloud infrastructure. But splitting apps into microservices also comes with the challenge of ensuring the containers hosting the various…
Most credential abuse attacks against the financial sector targeted APIs
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report’s…