Permissions matter for SaaS Security – Why?
Earlier this year, attackers compromised Mailchimp, a popular SaaS email marketing platform. We examined over 300 Mailchimp customer accounts and exported audience data from 102 of them. The compromise was preceded by a successful phishing attempt that launched a malicious attack against an end-user of a Mailchimp customer. Three months later, Mailchimp suffered another attack. […]
The Era of Cyber Threat Information Sharing
We have spent 40 years protecting ourselves as individuals. We tried to trick and outsmart the cybercriminals, but when all our efforts failed, we thought of working with our peers to outnumber them. Cybercriminals don’t remake themselves every time. They have limited resources and limited budgets. So they use playbooks to attack a lot of […]
Over 829 million cyberattacks blocked in Q4
In the fourth quarter (Q4) of 2022, over 829 million cyberattacks were blocked globally, including 59% of Indian websites. According to application security firm Indusface, the report said there was a sharp increase in the intensity and frequency of DDoS and bot attacks in 2004 compared to the third quarter. “During the quarter, we saw […]
Cybersecurity is not a losing game – start now
Reality has a way of asserting itself, no matter what personal or business choices we make, good or bad. For example, very recently, the services of the city of Antwerp in Belgium were the victim of a very disruptive cyber attack. As usual, people cried out ‘bad play’ and suggested that appropriate cybersecurity measures should […]
New Digital Personal Data Protection Bill in India, 2022
The new Digital Personal Data Protection Bill, 2022, which was unveiled on 18 November, puts more focus on personal data than previous cumbersome drafts. The revised version of the law provides for high penalties for violations, but these penalties are limited regardless of the turnover of the companies involved. It also eased rules on cross-border […]
Let's talk about Supply Chain Attacks and Cloud Native
The past couple of years have seen a rise in software supply chain attacks, with the most salient example being the SolarWinds attack. As production environments have gained a couple of layers of security, and much of the attention of security teams, malicious actors have set their sights on “poisoning the well”, […]