APIs have been a key factor in digital transformation, but they have also widened the scope of potential security risks for businesses. Cyber criminals have been taking advantage of vulnerabilities in APIs…
Category: English
Cybersecurity in Antigua: AntiguaRecon
AntiguaRecon is a program that provides cybersecurity training to young people on the Caribbean island of Antigua. Founded by Adam Dennis, the initiative seeks to offer its services around the region and…
Building an Engaging Cyber Security Program
Creating a culture of cyber security in an organization requires an effective, impactful, and ongoing security awareness program with engaging content that is tailored to the user’s role. The content should be…
Secure Software Supply Chain
Software Supply Chain Security (SSCS) is gaining attention as the RSA Conference 2023 approaches. This security discipline has been argued to contradict the “shift left” movement, which promotes code testing and application…
Vietnamese Cybercriminal’s Malware
A Vietnamese cybercriminal has been discovered to be responsible for a malvertising campaign on social media platforms, resulting in the infection of over 500,000 devices worldwide in the past three months. The…
Protecting Against Lateral Movement
Lateral movement is a tactic used in more than 80% of ransomware attacks and is a threat to every organization. It is a straightforward process which requires a valid username and password…
Decoy Dog: Rare Malware
Infoblox has discovered a new malware toolkit called Decoy Dog that uses techniques such as strategic domain aging and DNS query dribbling to avoid detection. This malware is extremely rare, with its…
Active Threats: 3 Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. These include CVE-2023-1389, a command injection vulnerability…
ScarCruft: North Korean Threat
ScarCruft, a North Korean threat actor, has been experimenting with unusually large LNK files as a way to deliver RokRAT malware since July 2022. This malware is capable of performing a range…
TA505 Delivers LOBSHOT Malware
A threat actor has been observed using Google Ads to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. The malware is attributed to a financially motivated e-crime syndicate known…