Fighting The International Cyber War with AI
As Ukraine fights to maintain a stronghold on its besieged capital, cyberattacks are escalating. Governments on both sides […] The…
GitHub can now auto-block commits containing API keys, auth tokens
GitHub announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to automatically block…
Log4j Showed Us That Public Disclosure Still Helps Attackers.
Public disclosure is still a bit of a mess. By Alex Haynes, CISO, CDL. At 2:25 pm on […] The…
A Comprehensive Backup Strategy Includes SaaS Data, Source Code
Backups aren't just limited to hard drives, databases and servers. This Tech Tip describes how organizations should expand their backup…
Phishing uses Azure Static Web Pages to impersonate Microsoft
Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. [...]
Companies Going to Greater Lengths to Hire Cybersecurity Staff
The cybersecurity market is red-hot. But with so many still-unfilled positions, companies may be more willing to bend or break…
Spring patches leaked Spring4Shell zero-day RCE vulnerability
Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch…
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads…
How to Prevent the Next Log4j-Style Zero-Day Vulnerability
An interactive static analyzer gives developers information on potential risks arising from user inputs while they code. This could be…
A Closer Look at the LAPSUS$ Data Extortion Group
Microsoft and identity management platform Okta both disclosed this week breaches involving LAPSUS$, a relatively new cybercrime group that specializes…