As we are all currently confined to a life at home during the pandemic, it has become more important than ever that our favorite web applications stay fast and reliable. Many modern web applications use web caches to keep up with these demands. While this works wonders from a performance perspective, it also opens up new attack vectors. One of these new attack vectors is called Web Cache Poisoning.

Modern web applications are complex, it is often made up of many layers where potential flaws could appear making it hard to secure. That’s why it’s important to understand the key attack vectors hackers use to spot entry points and map your attack surface during reconnaissance and work back from there to protect your web application footprint.

Gaining more popularity among hackers, man in the middle attacks aims to exploit the real time transfer of data. Keep reading to learn more! When attacking an organization, hackers are focused on being swift and stealthy. In order to successfully infiltrate, steal sensitive information or hurt an organization in various other ways, hackers must be able to go under the radar for a while.

This blog was written by a third party author. Distributed denial of Service (DDoS) attacks stand as some of the most disruptive and costly cyberattacks that organizations face on a regular basis. Cyber criminals use DDoS attacks to make websites and other online services unavailable for legitimate use.

Distributed denial of service (DDoS) is a broad class of cyberattack that disrupts online services and resources by overwhelming them with traffic. This renders the targeted online service unusable for the duration of the DDoS attack. The hallmark of DDoS attacks is the distributed nature of the malicious traffic, which typically originates from a botnet—a criminally-controlled network of compromised machines spread around the globe.

Buffers are regions of memory storage that temporarily store data while it’s being transferred from one location to another. A buffer overflow, also known as a buffer overrun, takes place when the volume of data is more than the storage capacity of the memory buffer. Resultantly, the program that tries to write the data to the buffer replaces the adjacent memory locations. If a user enters 10 bytes, that is 2 bytes more than the buffer capacity, the buffer overflow occurs.

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII in a standard browser, result in the appearance of a corporate or organization name that allows the targeting of such organization’s domains for impersonation or hijacking. This attack has been researched and defined in past campaigns as an IDN homograph attack.

Credential stuffing is one of the most common forms of online crime, it is the act of testing stolen passwords and usernames against website login forms, to validate the credentials for malicious reuse. Once a match is found, the attacker can easily commit various types of fraud. When credentials are stolen through a database breach, malware, or other means, they are kept for use in future attacks against many different targets.