Permissions matter for SaaS Security – Why?

Earlier this year, attackers compromised Mailchimp, a popular SaaS email marketing platform. We examined over 300 Mailchimp customer accounts and exported audience data from 102 of them. The compromise was preceded by a successful phishing attempt that launched a malicious attack against an end-user of a Mailchimp customer.  Three months later, Mailchimp suffered another attack. […]

Synology releases patch for critical RCE vulnerability affecting VPN Plus servers

Synology has released a security update to address a critical vulnerability in VPN Plus Server that could be used to take over an affected system. The vulnerability registered as CVE-2022-43931 has a maximum severity of 10 in the CVSS rating and was described as a write out of bounds error in the Remote Desktop feature […]

WhatsApp introduces proxy support to help users bypass internet censorship

Popular instant messaging service WhatsApp has introduced support for proxy servers in the latest versions of its Android and iOS apps. This allows users to avoid government-imposed censorship and internet shutdowns. “By choosing a proxy, he can connect to his WhatsApp through servers set up by volunteers and organizations around the world, allowing people to […]

Facebook pays $725 million to settle lawsuit over Cambridge Analytica data breach

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a lengthy class-action lawsuit filed in 2018. application used by Cambridge Analytica to access users’ personal information without consent for political advertising purposes. The proposed settlement, first reported by Reuters last week, is the latest penalty the […]

The Era of Cyber ​​Threat Information Sharing

We have spent 40 years protecting ourselves as individuals. We tried to trick and outsmart the cybercriminals, but when all our efforts failed, we thought of working with our peers to outnumber them. Cybercriminals don’t remake themselves every time. They have limited resources and limited budgets. So they use playbooks to attack a lot of […]

Over 829 million cyberattacks blocked in Q4

In the fourth quarter (Q4) of 2022, over 829 million cyberattacks were blocked globally, including 59% of Indian websites. According to application security firm Industace, the report said there was a sharp increase in the intensity and frequency of DDoS and bot attacks in 2004 compared to the third quarter. “During the quarter, we saw […]

Google takes Gmail security to the next level with client-side encryption

Google announced Friday that client-side encryption for Gmail is in beta for workspace and education customers. This is part of an effort to secure emails sent through her web version of the platform. This development comes at a time when online privacy and data security concerns are at an all-time high, and is a welcome […]

What developers need to deal with common vulnerabilities

CERT-In

Today’s  threat landscape is constantly changing, and now more than ever, organizations and businesses across all industries have an urgent need to consistently produce and maintain secure software. While certain verticals – such as the financial sector – have been subject to regulatory and compliance requirements for some time, we are seeing increased attention towards […]

Why is Robust API Security Important in Ecommerce?

API attacks are on the rise. One of their main targets is e-commerce businesses like yours. APIs are an integral part of how e-commerce businesses accelerate their growth in the digital world. E-commerce platforms use APIs at every customer touchpoint, from browsing products to processing deliveries. As the following diagram shows, API usage is on […]