What do the 3ve ad fraud campaign, the Magecart credit card skimming attacks and the Facebook-Cambridge Analytica scandal have in common? They were all made possible through the use of unmanaged third-party code, according to Chris Olson, CEO of the Media Trust, speaking the SC Media at RSA 2019.There was a time when websites and mobile apps relied primarily on their own source code, but the advent of third-party services has flipped that equation, explained Olson. Now third-party code often far exceeds proprietary code, and that leaves website and app developers vulnerable because they have little control or visibility over code that's not their own.
As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
Cybercriminals are reportedly instructing victims to withdraw cash and deposit it into crypto kiosks, which then transfer the funds to attacker-controlled wallets.
Storm-2949 initiates attacks by targeting users with privileged roles, such as IT personnel or senior leadership, using social engineering tactics to obtain their Microsoft Entra ID credentials.
