API management (APIM): What It Is and Where It’s Going
So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security strategy that covers all their bases. A robust strategy will be held up by a number of different tools and methodologies, including API management (APIM). In this article, we’re taking a…
6 Examples of the Evolution of a Scam Site
Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are born, how they progress, and the evolutionary steps that fraudsters…
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is. In a Feb. 1 blog post, Crane Hassold, director of threat intelligence at Abnormal Security, profiled “Firebrick Ostrich” a…
CISA to Open Supply Chain Risk Management Office
The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains. The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit…
Pro-Russia Killnet group hit Dutch and European hospitals
The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospital in the Netherlands and Europe were hit by DDoS attacks carried out by pro-Russia hacking group Killnet. The group of hackers launched the offensive against the hospitals in the European countries due to their support for Ukraine. “Hospitals in Europe, including…
Ransomware Hit on ION Group Delays EU Derivatives Trades
Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours. ION Cleared Derivatives, part of ION Group which offers software designed to automate…
Will Hive Stay Kaput After FBI Busts Infrastructure?
What’s not to love about an international law enforcement operation wreaking disruption on Hive, the ransomware-wielding crime syndicate? But with no suspects in jail, it’s unclear how long this takedown will stick before the bad guys get back their sting. There’s still plenty to celebrate since Hive, one of the world’s most active ransomware groups,…
Snyk CEO Peter McKay on Making Defense Easier for Developers
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and acquisitions, says CEO Peter McKay. Snyk has focused on giving clients a 360-degree view of applications by integrating open-source security, container security, infrastructure-as-code security and cloud security together, he says. The company’s buy of…
Phishers Trick Microsoft Into Granting Them ‘Verified’ Cloud Partner Status
Late last year, a group of threat actors managed to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). This allowed them to surpass levels of brand impersonation ordinarily seen in phishing campaigns, as they distributed malicious applications bolstered by a verified blue badge only ever given to trusted vendors and service providers…
Poser Hackers Impersonate LockBit in SMB Cyberattacks
A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own. According reports from Belgium’s Computerland publication, the “wannabes,” while not as…
