Cyber app – Cyber Gestion Tue, 28 Jun 2022 09:02:35 +0000

Mumbai: Police investigate 21 loan application fraud cases, 3 detained Tue, 28 Jun 2022 07:31:30 +0000

The Mumbai Criminal Police Cyber Police have arrested three people as part of their probe into 21 cases of loan application fraud recorded in the city this year.

While the first arrest took place on June 25, police arrested two more people on Monday. On Saturday, a loan collector from Telangana was arrested. “The man holds an engineering degree and was responsible for phoning those who had not paid the loan amounts. If the loans were not repaid, the man would ask his helpers to start the harassment. Based on his interrogation, we arrested two other people. Our investigations are ongoing,” said DCP (Cyber) Hemraj Singh Rajput.

According to the police, since last year, thousands of people across Maharashtra in need of urgent cash have fallen prey to these predatory loan apps, which allegedly offer small loans without too much paperwork. When issuing loans through the app, lenders asked borrowers for access to their phone contact list and gallery and collected copies of their Aadhaar and PAN cards, police said.

Borrowers who failed to repay the loan within weeks, at a higher interest rate, were reportedly harassed by loan collectors, and abusive and obscene messages were reportedly sent to people on the borrower’s contact list. They even transformed photos of the borrower into nude photos and obscene videos and sexually harassed them and their family members to extort money, police said. In many cases, police say, officers ended up extorting far more than the loan amount.

Police took note of the issue when a 38-year-old business executive took his own life at his home in Kurar, Malad (East) due to harassment in May this year. Subsequently, several other victims also alerted the police to the fact that they were being harassed. Acknowledging the increase in crime, at least 21 cases between January and May were transferred to cyberpolice. About 10 police inspectors in four cyberpolice stations in the cybercrime branch investigate the cases to find a common thread.

Opalyte Services Unveils App to Help Suppliers Increase Sales Sun, 26 Jun 2022 11:09:00 +0000 Chennai-based start-up Opalyte Services Pvt Ltd announced on Sunday that it will unveil a PAIZATTO mobile application in July, based on the Digital Referral Marketplace platform, aimed at boosting vendor sales. The Paizatto application is a brand of digital solutions to become aggregators of aggregators in an ever-changing market.

The app boosts customers’ shopping experience for essential products through the return program offered to consumers every time they buy, a statement from the company says here.

The app provides comprehensive analytics of vendor sales details and their referral purchase details. The app also updates consumers with products and offers from nearby stores, based on the value of their purchase.

In its first year of operation, the company plans to cover about 50,000 stores and 10,000,000 consumers, and to triple that in the second year, it said.

As part of the service expansion, the company plans to extend the offer to every district in six months, it added.

Stay safe when trading on a trading app Sat, 25 Jun 2022 04:03:26 +0000

The financial market has become more accessible since traders can now install trading apps on their mobile devices and trade on the go. Trading using mobile apps gives you the ability to follow the market at all times and open a position based on sound strategies. Also, the apps have made it easier for traders to plan their daily trades, especially those who trade part-time. So while trading apps have been a great addition to the financial markets, how do you stay safe when using them? Below are the top five tips you should know.

  1. Choose the right broker

Security is important with trading apps, and it is crucial that you invest with one hosted by a regulated broker. With them, you are assured of the security of trading funds since they are stored in a separate account accessible only by you. Remember, various brokers claim to be regulated, so to be sure of their credibility, make sure that globally recognized authorities monitor them. These include the Financial Conduct Authority (FCA), Cyprus Securities and Exchange Commission (CySEC), Australian Securities and Investments Commission (ASIC), etc.

With many scam trading apps around, research thoroughly before settling for a broker. You can also consider recommendations from experts, such as the list of trading platforms from TradingGuides United Kingdom. This way, you are guaranteed to find the best trading app to use in the long run.

  2. Create a strong password

There are many cases of cyber insecurity, and the last thing you should expect is to fall victim to online hackers. Moreover, anyone can access your mobile device, whether at work or at a social gathering. Therefore, you want to protect your account from being accessed by securing your trading application with a strong password. Cybersecurity experts say the biggest weakness exploited in online attacks is weak security and passwords. So, when creating your app’s security code, make sure it is strong by mixing letters, numbers, and special characters. Most importantly, keep your password private. You can also enable two-factor authentication for login.

  3. Close Trading Sessions

It is essential to close your trading session and log out of your account when you are not using a trading application. Although many brokers automatically log you out if your account remains inactive for a few minutes, it is crucial to always check. Clearing your cache from time to time is also advisable to ensure the security of your trading application.

  4. Use VPN

While using regulated trading apps will ensure the safety of your data and funds, you want to ensure that there is no risk of hackers trying to gain access to your account. In this regard, secure your account with a strong VPN connection. This way you will stay safe while trading on the go. Additionally, secure VPN connections allow you to transact securely, especially when connected to WiFi or the Internet over which you have less control.

  5. Beware of spam

From time to time you will receive emails from unknown senders. Do not rush to open them or click on unknown links. Also, be skeptical of cheap offers that seem too good to be true and confirm all information received. For example, if you receive an email claiming that a particular stock is trading at a specific price, be sure to confirm this information with the exchanges that list it before investing your money.


Trading apps are risky even though they have made markets and assets easily accessible to traders. With many scammers trying to hack into traders’ accounts, you will never be safe with trading apps. Therefore, follow the tips above to stay safe, minimize the risk of cyberattacks, and focus more on your trading activities. Plus, stay on top of developing trends to learn emerging hacker tactics and secure your platform before it’s too late.

Gallagher announces opening of Congressional App Challenge 2022 Thu, 23 Jun 2022 18:58:48 +0000

GREEN BAY, Wis. – Rep. Mike Gallagher (R-WI) today announced that the Congressional App Challenge is open to middle and high school students who live or study in Wisconsin’s Eighth Congressional District.

The App Challenge is a national competition that allows students interested in STEM to design, build and demonstrate an app on a computer, tablet or phone. Eighth District students will compete to have their application posted online on the official Congressional App Challenge website.

“There is a national shortage of cyber talent, and it’s critical that we work to ensure that all students in northeast Wisconsin interested in this field are ready to fill this gap as soon as they can enter the labor market,” said Rep. Gallagher. “The Congressional App Challenge is an amazing way for students who live or study in the 8th District to get involved in STEM education and show off their talent. I look forward to seeing the innovative and creative apps they submit.”

Students can compete individually or in teams of up to four members. Registration is available HERE. The submission deadline is 11:00 a.m. CT, Monday, November 1, 2022. The parameters surrounding each submission are included below:

  • Subject: The application can relate to any subject.
  • Platform: The app can be on any platform (web app, desktop/pc app, web browser extension, bot, Ruby on Rails, mobile, etc.).
  • Programming language: Use any programming language: C/C++, Objective C, C#, Java, JavaScript, Python, Ruby, PHP, Swift, block code, etc.
  • Functionality: The application must have a certain degree of functionality to be competitive.
  • Adequacy of Content: The Application may not be indecent, defamatory, in obvious bad taste, demonstrate a lack of respect for morality or public conduct, damage the reputation of congressional districts, or depict hatred, defame or threaten a specific community in society or incite violence. Containing pornography, obscenity or sexual activity is prohibited. The application must not violate the intellectual property, common law, or privacy rights of other parties.
  • Originality: the application must be original and belong solely to the participant so that no other party has any rights or interests, known or unknown.

Students and educators with questions about the Congressional App Challenge should contact Representative Gallagher’s De Pere office at 920-301-4500 or visit

Court grants bail to 3 defendants in Bulli Bai App case Tue, 21 Jun 2022 17:13:00 +0000

The city’s Civil and Sessions Court on Tuesday granted bail to three defendants in the Bulli Bai App case, which was set up to “auction” Muslim women by tampering with their photographs.

Neeraj Singh, 28, an MBA graduate, was arrested in Odisha by Mumbai Police Cyber Cell on January 20, 2022. Another defendant, Neeraj Bishnoi, believed to be the main conspirator in the case, was arrested by Delhi Police from Assam and was brought to Mumbai on Thursday. The third, Aumkareshwar Thakur, was arrested by Delhi police and would be charged in the Sulli Deals case, a similar app that posted photos of Muslim women.

The indictment filed by Mumbai police in March said Mr Bishnoi was the first to share the link of the Bulli Bai app on his Twitter group and that members of the group were fully aware that it would be used to target Muslim women. He had asked a co-defendant to send photographs of 100 “non-BJP famous Muslim women” to be auctioned off.

On January 1, 2022, the Western Region Cyber Police Station had filed an FIR against the affected Twitter handles and the developer of “Bulli Bai” for violations of Sections 153A (promoting enmity on religious grounds, etc.), 153B (imputations prejudicial to national integration), 295A (insult to religious beliefs), 354D (harassment), 509 (word, gesture or act intended to insult the modesty of a woman), 500 (criminal defamation) of the Indian Penal Code and Section 67 (Publication or Transmission of Obscene Material in Electronic Form) of the Information Technology Act.

Ada Announces New App Directory and Suite of Product Updates Mon, 20 Jun 2022 15:49:14 +0000

Ada, on a mission to help the world’s most innovative brands automate more valuable interactions, announced several new product launches and updates. Automated Brand Interaction (ABI) has introduced new no-code creation tools, social channels, proactive texting and a global app directory – with more exciting innovations in the pipeline.

In a shrinking economy, it is not enough to react to the changing landscape of consumer needs. Brands need to be at the forefront of what customers expect: more relevant, timely and proactive interactions that are always on and always helpful.

Ada gives brands the tools they need to make every customer feel like a VIP. Brands will have access to more personalization in the platform and, therefore, more valuable interactions at scale.

“Constant consumer change is the new normal,” says Ada CEO and co-founder Mike Murchison. “Brands need to have the tools to offer greater personalization and personalization of their interactions at every customer touchpoint with the brand. Today, that means anticipating your customers’ needs and engaging them proactively. Personalized and proactive interactions are more valuable to customers, and this is what will make brands stand out from the rest.”

Ada’s ABI platform powers billions of interactions for leading brands like Zoom, Square and Shopify. Today’s announcement is the first in a long series, as Ada continues to expand the offerings of its award-winning platform, allowing brands to scale as they grow, while reducing costs and keeping the workforce stable.

With Ada, every brand interaction is enhanced through automation. And brands can use automation to cut costs without compromising customer interests.

Reduce dependency on call centers with Proactive SMS

Let’s face it, most customers no longer want to pick up the phone to interact with a brand. In a digital world, where people expect their needs to be met at the click of a button, even fast, friendly service has become a commodity.

With Ada’s new Proactive SMS solution, brands can initiate automated two-way, anticipatory SMS interactions that go beyond dead-end notifications. Brands can engage customers with information that matters to them, when they care, like payment reminders, order tracking updates, and exclusive offers.

With Ada’s industry-leading Natural Language Understanding (NLU), global brands can seamlessly interact with customers in the language of their choice. And with Ada’s Proactive SMS feature, brands can finally turn IVR experiences into SMS, reducing reliance on call centers and enabling the seamless transfer of conversations from customer support calls to SMS.

Text message open rates are as high as 98%, according to Gartner. This makes proactive SMS a powerful tool that will not only increase customer satisfaction – brands can use proactive SMS to save time and money, by reserving agents’ time for more complex interactions that generate revenue.

Extending automation to Twitter and Instagram

Social commerce continues to be a powerful force and investments in these strategies are growing. With that in mind, Ada has extended its automation to Twitter and Instagram, helping brands create more consistent and targeted brand experiences across the board.

E-commerce brands need to start preparing for what Ada calls their “superbowl moments” sooner than ever. Events like Black Friday and Cyber Monday now last for weeks, even months in some cases. During these times, engaging with customers on Instagram is essential – businesses saw a 60% increase in support requests via social media in 2021.

With Ada rolling out to Instagram and Twitter during the busiest shopping season of the year, customers can maintain interactions with the brands they love, on the channels they love. And when a live agent is needed, the automated interaction is delivered within the same UX.

More personalization with the Global App Directory

In their quest for VIP experiences, brands use a wide variety of apps and integrations. Information is often stored in multiple places (separate tools for chat forwarding, data enrichment, and order tracking), which is inefficient for agents and slows resolution. Manual coordination has the potential to create interrupted experiences as users switch between them.

No more. Now brands can access Ada’s global app directory and connect Ada to all of their business systems, allowing them to customize and automate more complex issues and free up time for agents. The launch includes 30 out-of-the-box apps and integrations, ranging from simple CRM and Marketing Automation integrations that allow brands to instantly update account details and deliver relevant content to customers, to order management systems that allow customers to track their order. Brands can connect to apps like Calendly, Marketo, Clearbit, etc.

Delivering a seamless customer experience at scale has never been easier.

Deliver seamless cross-platform experiences with Glass for Zendesk Messaging

Providing asynchronous, “omnichannel” messaging has proven difficult for brands to deliver in practice. Brands struggle to effectively launch automation on asynchronous channels and hand off the interaction to an agent who can also respond asynchronously.

Ada Glass for Zendesk Messaging powers asynchronous messaging and seamless handoff between Ada and agents in Zendesk Agent Workspace. Customers are seamlessly introduced to a live agent within the same channel, without having to switch channels to be connected with a human agent. They thus benefit from the differentiating technology of each solution. Instead of waiting for a live chat with an agent – which eventually times out – customers and agents can respond in the chat at their convenience, truly asynchronously, increasing productivity on both sides of the interaction.

This exclusive partnership offers Ada and Zendesk customers an array of powerful features that other platforms can’t match – seamless handoff to live agents in Zendesk Messaging from web and social channels.

“We wanted to give our customers the ability to receive instant help without sacrificing the quality service we’re famous for – that’s why we chose Ada,” says Alix McShane, Customer Service Manager at Oh Polly, an international women’s fashion brand with philanthropy embedded in its company mission. “We intentionally built a really fun digital experience and it now solves 70% of our queries, speeding up our overall response times and giving us insight into our customers’ needs every step of the way.”

Build faster with platform updates that are just the start

Ada’s new products are being launched alongside key enhancements to its NLU models, data export API, and authoring tools. Improvements to the Conversation view of Ada’s platform help brands create and optimize more efficiently, with conversation data more accessible than ever. And enhancements to Cancel Capture enable brands to provide more understandable experiences to their customers, improving the likelihood of engagement.

Refining the builder experience with richer customer insights and a more holistic view of each customer will enable brands to drive more and more valuable brand interactions. And that’s just the beginning, with more innovations and improvements on the way.

If you want to know more about Ada, please visit

Urgent warning for one million Android users as popular camera app is BANNED after being found to contain malware Sun, 19 Jun 2022 12:30:45 +0000

OVER a million Android users are warned to be on high alert after a popular camera app was banned from the Google Play Store for containing harmful malware.

Here’s what you need to know and why you’re prompted to delete it now.


Google just removed the hugely popular PIP Pic Camera Photo Editor, but not before it had been downloaded over a million times.

Until earlier this week, the image-editing software was still available to download and install, but Google has just blocked access after being alerted to the security breach.

The app was found to contain malware capable of stealing Facebook credentials, including usernames and passwords.

This could allow hackers to access accounts, steal personal data, and send fraudulent messages to contacts.

Experts advise to immediately remove the app from all your devices if you currently have it installed.

You are also warned to change your Facebook password without delay.

This threat was discovered by the team of Dr Web. But it’s not the only app that has raised red flags at the Russian IT security solutions provider.

According to the latest report from the security company, there are four other apps that all contain malware capable of displaying unwanted ads and draining battery life.

It is even said that they can make unauthorized changes to the phone itself.

In addition, the IT platform SecNews goes further to say that adware infections can cause the constant appearance of unwanted advertisements, deterioration of user experience and overheating of the device.

Other apps named are Wild & Exotic Animal Wallpaper, ZodiHoroscope, PIP Camera 2022 and Magnifier Flashlight.

According to the cybersecurity platform HackRead, collectively, the affected apps have over two million downloads.

Some of these apps have been removed by Google: ZodiHoroscope and PIP Camera 2022 are no longer available for download.

As with all apps, before you start downloading anything to your device, experts advise checking who developed the software.

It is also a good idea to read as many tech reviews as possible before installing the app on any of your devices.

West Bengal man detained for harassing borrowers with altered photos Fri, 17 Jun 2022 14:22:27 +0000

Via the Newsmeter network Published on Jun 17, 2022 2:22 p.m. GMT

Loan app racket: West Bengal man detained for harassing borrowers with altered photos

Hyderabad: On June 17, Rachakonda Cybercrime Police arrested a 24-year-old man for harassing people who took loans from lending app companies.

A case under various sections of the IPC and IT Act has been registered against Shoaib Aktar from Uttar Dinajpur district in West Bengal. The police seized various items from him, including three mobile phones, a laptop, two checkbooks, debit cards, 12 SIM cards, a fingerprint scanner and Rs. 5,200 in cash.

Shoaib was part of a loan collection team for loan application companies. He had gathered the borrowers’ details and saved them on his laptop. Although he lost his job, he continued to harass borrowers, asking them to repay the loans. He sent transformed photos of the victim’s friends and family members to the victim’s contacts.

A person who took a loan from the KreditBee Instant Loan app filed a complaint against Shoaib. Although the complainant repaid the loan, he continued to receive harassing calls and altered photos of friends and family. The caller also threatened to send the photos to the complainant’s contacts via WhatsApp.

During the investigation, the police discovered that Shoaib was involved in similar crimes at various police stations in Telangana.

The Rachakonda Cyber Crime Team traveled to West Bengal, arrested Shoaib, brought him to Hyderabad and remanded him in custody.

How to protect yourself from fraudulent app scams Thu, 16 Jun 2022 02:53:31 +0000

Fraudulent apps have been a threat to many users who have unknowingly lost money. These are fake apps which mirror legitimate apps available in the market. Fraudsters and scammers create apps to trick people into using them. These apps might look like popular apps to trick users, who download them on their phones or laptops. Their names can be a jumble of words that more or less resemble those of frequently used apps. However, these apps have one thing in common: they are disguised as genuine apps and are well built.

It is common knowledge that many of these scam apps have also been promoted and advertised on Google, Facebook, Instagram and TikTok, among others. According to published reports, more than 500,000 Indians have been defrauded of around Rs. 150 crore through Chinese apps. Many of these investment apps have been used to defraud retail investors.

There are too many cash apps that have witnessed a high percentage of fraud. Indeed, they cause direct financial damage. Some of these apps are: Ultima Keyboard space 3D pro, GT Sports Racing Online, Fitness Ultimate 2o21, wifi passcode unlock, video mixer editor pro, RT news, UC browser, Clean It Reface Ultra, live photo animator, ultra camera HD, water drinker reminder, magic shuffle, etc. Researchers have identified more than 151 apps that, once installed on phones, can carry out fraudulent activities.

India has become one of the fastest growing internet and mobile markets, and digital adoption has been at lightning speed due to affordable internet connectivity, widespread smartphone penetration and growing household income. With over a billion mobile subscribers, India is the leading country in terms of app installs. The push for digitization by stakeholders has exacerbated the use of networks and applications. The number of mobile apps used in India stands at around 3.48 million. Google Play and Apple app stores have the most registered apps. These apps mostly work in areas like credit, investing, cryptocurrency, healthcare, aggregators, agriculture, data monitoring, gaming, stock markets, and more. The risk for users is certainly high, because the use of mobile applications is high, especially in open architecture.

These apps can access phone locations, conduct phishing activities, use phone data, abuse your payment gateway and lead to financial loss. The data can be accessed and used for various illegal purposes. Such apps may have financial and non-financial implications. Internet users must be very vigilant to ensure that they do not become victims of these fraudsters.

The Indian government has taken steps to eradicate cybercrime. The local police regularly arrested fraudsters and also investigated the promoters of such apps. The government has also banned Chinese apps to protect investors. A full list of fake apps has also been released to raise awareness.

App users should be careful before downloading such apps. Users should not take the bait and fall prey to these scammers. Researching an app is a must before downloading and using it. It is also important to check the reviews before using it, and to look for details such as the developer of the application and the non-symmetrical placement of logos. Users should choose apps that have been developed by branded and well-established companies. Scam apps are developed for short-term use and therefore do not have the same quality as genuine apps.

Password protection is a very basic step that users need to follow. Passwords should be changed frequently and should not be shared. Identity theft prevention is a very important aspect that can be achieved by protecting information. Two-factor authentication would certainly reduce the risk for users. Information tokenization is a way to secure data, especially sensitive data.

Details are stolen by fraudsters and fake accounts are opened, which are then misused. Users should verify a URL before clicking on it. There are cases of page hijacking, where clicking on the link may redirect the user to a website. The user may then enter data there, which can be misused. Users can protect themselves by providing data only to a secure, OTP-generating website.

Users must also avoid downloading files from unknown sites. These apps may contain malware or spyware that can access phone or PC data. This malware can transmit data, such as calls, messages and advertisements soliciting the use of certain apps, which may be a phishing attempt. It is a mechanism to obtain data and information, and fraudsters can easily misuse this data. It is also important to know that mobile apps are less secure than websites. Mobile phones have far fewer security tools than websites.

Checking Internet and phone data bills is a secure method to cross-check and monitor unauthorized usage. Storing passwords, authentication, and credit and debit card details on phones and tablets poses a security threat. Using a secure network is a way to minimize risk to users, as open networks are vulnerable.

Regularly checking bank account statements is a good mechanism to ensure that your balances are intact. As the threat increases, a large number of tools are available for fraud detection. Artificial intelligence and machine learning technology are available for fraud detection. Tools like Seon, Emailage, etc. can help prevent fraud. Many fraud detection software are available. Google Play also has a built-in mechanism to minimize fraud.

India’s push towards cashless payment has taken the size of the industry to $204 billion. Mobile phones are a hugely popular way to make payments, where $290 billion has been exchanged. Mobile payments have grown faster than credit and debit cards. Mobile payment recharges are an indication of the extent to which mobile phones are used. The UTR system in India has been successful, unlike China, where WeChat has caused bank deposit leaks. India’s IT infrastructure has stood the test of time. Secure phones and networks will play a critical role in minimizing the loss of accounts due to fraud. Many tools can protect and prevent fraud.

But the user will have to follow protocols such as password protection, strong authentication, selection of secure networks and basic file verification before using applications. Finally, digital literacy and the human element will play a major role in preventing fraud, because you have to stick to the basics and be vigilant.

The author is the former president of ESB.

(Disclaimer: The views expressed are those of the author and Outlook Money does not necessarily endorse them. Outlook Money will not be liable for any damages caused to any person/organization directly or indirectly.)

Using Continuous Intelligence to Address Cloud-Native Application Security Challenges Tue, 14 Jun 2022 12:38:26 +0000

Security solutions that use continuous intelligence can gain real-time intelligence about security threats from cloud-native applications.

Modern cloud-native applications are often difficult to secure due to their complex nature. They are highly distributed, composed of open-source software and libraries, include many microservices (many of which are provided by third parties), and obtain and provide easy access to data through APIs. Identifying cloud-native application security issues and protecting against threats goes beyond traditional tools that simply monitor operations.

Some recent developments put the potential security issues of cloud-native applications into perspective. For example, a recent study identified 450,000 Kubernetes API servers. And of those, 380,000 have granted some form of access. The researchers noted that: “While this does not mean that these instances are fully open or vulnerable to attack, it is likely that this level of access was not intended, and these instances are an unnecessarily exposed attack surface. They also allow leaks of version and build information.”

This makes cloud security all the more challenging, requiring better observability and understanding of interdependencies within cloud-native applications.

Another factor that attracts a lot of attention is the fact that the main open source software and libraries used in many cloud-native applications are susceptible to attack.

One of these vulnerabilities was associated with the Apache Log4j software library. According to the Cybersecurity and Infrastructure Security Agency (CISA), “Log4j is very widely used in a variety of consumer and enterprise services, websites and applications, as well as operational technology products, to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.”

The problem is that the software has been widely used for years and is integrated into many applications. Modern application development techniques based on microservices, APIs, and composable components make it easy to integrate such software into many applications without even knowing it, simply by reusing the components that perform core Log4j functions. Low-code/no-code methods allow for even easier use and reuse of components, magnifying the problem.

And in April, CISA added the remote code execution (RCE) vulnerability affecting Spring Framework to its Known Exploited Vulnerabilities Catalog. The designation was based on evidence of active exploitation.

In both cases, the vulnerabilities are in very commonly used software embedded in a wide range of applications and services. The Spring Framework “provides a comprehensive programming and configuration model for modern Java-based enterprise applications – on any type of deployment platform,” according to Spring. “A key part of Spring is application-level infrastructure support: Spring focuses on enterprise application plumbing so teams can focus on application-level business logic, without unnecessary ties to specific deployment environments.”

In the case of the Spring Framework vulnerability, a recently disclosed remote code execution flaw could potentially be exploited to allow unauthenticated attackers to take control of a system. Similar to Log4j, Spring is widely used, and many organizations may not know exactly if or where it is used.

This month, new attention has been given to the leaking of credentials from many open source projects. Specifically, Ars Technica reported: “A service that helps open source developers write and test software leaks thousands of authentication tokens and other security-sensitive secrets. Many of these leaks give hackers access to developers’ private accounts on Github, Docker, AWS, and other code repositories.”


How SOAR can help cloud-native application security

Modern cloud-native applications are becoming increasingly complex and difficult to secure. Those responsible for protecting the enterprise against cyber threats must quickly assimilate data from multiple logs, traces, and alerts from security information and event management (SIEM) systems and other security technologies. They must then quickly obtain information on imminent threats in real time and act instantly. Increasingly, the way to achieve this is to use SOAR (Security Orchestration, Automation, and Response).

One of SOAR’s greatest strengths is its ability to apply automation to security operations (SecOps). By automating processes, SOAR frees up analysts’ time for more strategic initiatives rather than repetitive, menial tasks. Specifically, tasks previously performed by SecOps personnel, such as vulnerability scanning, log analysis, and ticket verification, can now be performed automatically by a SOAR platform. Additionally, artificial intelligence (AI) and machine learning can be applied to gain insights. SOAR solutions are often used to escalate threats if human intervention is needed, make recommendations for action, and automate responses. They use continuous intelligence to gain real-time information on which a business can base its response to a threat.

Such automation is essential today. The rate at which threats evolve increases the demand for skilled security professionals. The only problem is that many companies are finding it increasingly difficult to recruit an adequate team of cybersecurity professionals.