Given the reliance of today’s digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought. Here is
Month: June 2023
Jun 03, 2023, Ravie Lakshmanan, Endpoint Security / Linux: An analysis of the Linux variant of a new ransomware strain called BlackSuit has uncovered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit.
A catastrophic “once-in-200-years” cyber event could cause $33bn in losses for the cyber-insurance sector, according to a new report from Guy Carpenter. The reinsurer’s Through the Looking Glass report used three modelling platforms to calculate its estimates: CyberCube, Cyence and Moody’s RMS. Into these it fed proprietary data related to almost two million cyber policies.
by Paul Ducklin. IT’S HARDER THAN YOU THINK. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency. The application programming interface (API) is an unsung hero of the digital revolution. It provides the glue that sticks together diverse software components in order to create new user
Jun 02, 2023, Ravie Lakshmanan, Cyber Espionage / APT: U.S. and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors’ use of social engineering tactics to strike think tanks, academia, and news media sectors. The “sustained information gathering efforts” have been attributed to a state-sponsored cluster dubbed Kimsuky, which is also
The UK’s tax office has warned of a new set of scams designed to trick customers claiming tax credits into handing over their personal and financial information. Currently being phased out in favor of a new Universal Credit system, tax credits can be claimed by low-income households to help them with the cost of living. However,
by Paul Ducklin. Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass. The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down),
A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms. Social media sites are a near-bottomless source of information that almost anyone can use for security and intelligence research, as well as for marketing campaigns. The platforms allow anybody to
Jun 01, 2023, Ravie Lakshmanan, Endpoint Security / Encryption: The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a “number of updated capabilities that strengthen the