In the introductory post of this series, we reviewed what an Active Directory (AD) service account is, explained why these privileged accounts are a serious security risk, and promised to detail 4 types of attacks on service accounts in future posts. This post explores the first of those attacks: LDAP reconnaissance, which attackers can use to discover service accounts in an IT environment while avoiding detection.
In the first post of these series we showed how an adversary can discover Active Directory service accounts with PowerShell, and the second post demonstrated how to crack their passwords using the Kerberoasting technique. Now let’s see how an attacker can exploit a compromised service account using Kerberos Silver Tickets to forge TGS tickets.
Passwords are an easy way to implement an authentication mechanism in which the user is asked to enter a string of characters (that he had chosen) to log in to his accounts. We will cover brute force attacks, types and examples in this blog article.
Crypto miners are determined in their objective of mining in other people's resources. Proof of this is one of the latest samples identified with AT&T Alien Labs, with at least 100 different loaders and at least 4 different stages to ensure their miner and backdoor run smoothly in the infected systems.
LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don’t panic just yet – that doesn’t mean that all of your passwords are now in the hands of internet criminals.
Read also: Greece’s natural gas supplier DESFA hit with ransomware, an advanced BEC campaign targets high-ranking executives, and more.
In 2013, a group of ethical hackers started penetration testing to make the Internet a safer place. After hacking companies such as Google, Facebook among others, they realized they could automate their findings to help companies monitor their attack surface and founded Detectify. Fast forward a few years and Detectify’s Crowdsource network boasts of 400+ elite ethical hackers.
Limited data retention resulting from financial or technological constraints makes it hard for security teams to see the complete history of an attack. This lack of full context about a threat — or a potential threat — eventually catches up with organizations, leading to longer dwell times and increased risk of a breach.
On August 4, 2022, Advanced – a major software provider for the UK’s National Health System (NHS) and other healthcare customers – suffered a ransomware attack from a group that is still unknown to the public. The attack disrupted NHS services including ambulance dispatch, appointment bookings, patient referrals and emergency prescriptions.
Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy. While conventional warfare is conducted on the battlefield and limited by several factors, cyber warfare continues in cyber space, offering the chance to infiltrate and damage targets far behind the frontlines. Russia utilized cyberattacks during the initial phase of the invasion in February.
In this post, we’ll look at the security blindspots of lockfile injection that a Ruby gem might expose via its Gemfile.lock. As a prelude to that, we will open up with a brief introduction to Ruby and third-party dependencies management around RubyGems and Bundler. Web developers often work on Ruby projects, but are mostly referring to them as the popular open source web application framework Ruby on Rails.
Cyber attacks are on the rise, and they show no signs of slowing down. In fact, many experts believe that we are only seeing the tip of the iceberg when it comes to cybercrime. As businesses continue to move their operations online, they become increasingly vulnerable to cyberattacks. In this blog post, we will take a look at the five most dangerous cyberattacks in history. These attacks have caused billions of dollars in damage and affected millions.
It seems like every week another household brand announces that they’ve been the victim of a data breach. Recently, cloud communications company Twilio announced that its internal systems were breached after attackers obtained employee credentials using an SMS phishing attack. Around the same time, Cloudflare, a content delivery network and DDoS mitigation company, reported that its employees were also targeted but their systems were not compromised.
Managing a small business can often feel like having 100 tabs open at once. Between handling client relations, organising taxes, and keeping up with day-to-day operations, cybersecurity (particularly data security) tends to fall along the wayside. Not because business owners don’t care, but because there is simply too much to care about. For small businesses, priorities often lie with directing their resources toward creating sustainable revenue streams.
CrowdStrike today unveiled the next evolution of CrowdStrike’s industry-first IOAs: artificial intelligence (AI)-powered IOAs.
Creating and running an application in your favorite language is usually pretty simple. After you create your application, deploying it and showing it to the world is also quite straightforward. The last thing you need is someone to take over your system and fully control your brand new application. In this article, I’ll explain how this can happen with a reverse shell attack. Note that the code examples in this article are for educational purposes only.
Cyberattacks are constantly changing. That you know. But how are they changing? And which types of threats are the most prominent today? Those are the real questions you need to answer to stay ahead of modern security risks. Keep reading for a primer on the most prevalent types of cyber security threats in 2022, along with insights on how to build a defense strategy against them. (For a comprehensive view, check out our cybersecurity threats explainer.)
Accelerated digitalization due to the pandemic and the need to adapt quickly to distance learning made schools the perfect target for cybercriminals. Moreover, compared to universities and based on disadvantages in terms of available technology and skills, primary and secondary education was even less prepared to meet the new security challenges posed by increased exposure and heightened risks.
We talk extensively about the impact of inbound cybersecurity attacks and the devastation they can cause, but what about outbound data loss? According to an IBM study, human error is the leading cause of 95% of cybersecurity breaches. That means 19 in 20 breaches could be avoided entirely if not for a person introducing risk either through human error, deliberately breaking security protocol, or malicious behavior.
On June 8, an explosion took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. The company later explained that the explosion resulted from a rupture in an over-pressurized pipeline, but did not comment as to how the pressure built up enough to cause such a rupture. In the wake of the explosion, Freeport reported that the outage resulting from it would persist until September, after which the facility would only resume partial operations.
Cyberattacks are an increasingly common occurrence for a spectrum of industries. Rising cybercrime affects everyone, but certain sectors are more at risk than others. In 2023, the auto industry could face particularly significant dangers. Attacks in the automotive space can impact automakers, automotive fleets, and consumers alike. Reducing these risks will be crucial as more cybercriminals seek to capitalize on the sector’s vulnerabilities.
The hybrid working model is the new norm due to its effectiveness and the productivity it offers. However, it does pose significant drawbacks to an organization's network security, making it vulnerable to several cyber-attacks such as credential harvesting.
