
April 2024

Shamane Tan on cyber resilience - Cyber Security Decoded

Bouncing back from a cyber incident, data breach or #ransomware attack is a great accomplishment…but how can you bounce forward? A complete Cyber Resilience strategy is mission-critical. Security teams should be proactive and have response plans in place for when #CyberAttacks hit, rather than attempting to prevent attacks from occurring. With a #CyberResilience strategy, your team will be equipped with a plan when a cyber incident occurs while also having tools to identify those malicious attacks before they happen.

The Top 11 Legal Industry Cyber Attacks

A law firm can only be successful if it can meet the needs of its clients, and few components put that success at risk more than the rising danger and repercussions of a cyber attack. In addition to the time, effort, and money a firm must spend responding to a successful breach, employees may find themselves unable to access the firm’s technology and, therefore, unable to bill hours.

JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen it. Part of this effort by JFrog’s security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats.

Preventing Magecart Attacks Through Supply Chain Vulnerabilities

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

Targeted Smishing Attacks by Threat Group "The Com" On The Rise

Cyber activity by the group "The Com," which leverages SIM swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing. Security researchers at Intel471 have published an analysis of the threat group, “The Com” (short for “The Community”), providing details about their targets and tactics. Operating mostly from Canada, the U.S.

Architecting Cyber Resilience: Building Your Breach and Attack Simulation Program

In recent years, breach and attack simulation (BAS) has gained significant traction among enterprises, emerging as a crucial component in fortifying proactive security by automating the ongoing testing of threat vectors. It empowers organizations to verify potential threats, enhance security controls, identify vulnerabilities in critical assets, and prioritize remediation efforts to bolster cyber resilience.

AI-driven cyber attacks to be the norm within a year, say security leaders

New research from Netacea reveals 93% of security leaders expect to face daily AI-driven attacks by the end of this year. Ransomware and phishing attacks are expected to be enhanced by offensive AI, but bots remain an underestimated threat. All respondents are benefiting from AI in their security stack, but adoption of bot management is lagging behind.

Combating phishing attacks with passwordless FIDO2 authentication

Attackers predominantly use phishing attacks to steal and misuse user identities. A global Statista study on employee-reported malicious emails revealed that in the first quarter of 2023, 58.2% of malicious emails were credential theft attacks, 40.5% were impersonation attacks, and 1.3% were malware deliveries. Phishing attacks create a sense of urgency and panic in users, who, as a result, easily fall victim to them.

Top 10 Best Practices for Attack Surface Reduction

Vulnerabilities are everywhere and often exploited. For example, in 2023, over 29,000 critical and high vulnerabilities were discovered across approximately 1,400 applications. The dynamic and evolving attack surfaces make it harder to protect against these threats. When the attack surface gets bigger, so does the risk of cyber attacks. This blog delves into what an attack surface is and recommends best practices in attack surface reduction.

How Password Managers Protect You From Cyber Attacks

Cybercriminals use a variety of cyber attacks to steal your sensitive information. However, a password manager can help prevent you from falling victim to them. Password managers protect your sensitive information from being stolen by unauthorized users by ensuring that your passwords are strong and unique. They also protect your sensitive information from getting stolen by using autofill features and encryption.

4 out of 5 Physicians Were Impacted by February's Cyber Attack on Change Healthcare

A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector. In February, a cyber attack on Change Healthcare brought much of the U.S. healthcare system to a halt. The revenue and payment cycle management provider is central to connecting payers, providers and patients within the U.S. healthcare system to ensure payments are made.

Behind the Scenes of the Change Healthcare Ransomware Attack Cyber Gang Dispute

April 16, 2024: UnitedHealth Group, parent of Change Healthcare, reported in its Q1 results a negative impact of $872 million “in unfavorable cyberattack effects” due to cyberattack direct response costs and the business disruption impacts. The company anticipates additional costs associated with the attack.

Carpet-bombing Attacks Highlight the Need for Intelligent and Automated DDoS Protection

Recently a large service provider in Eastern Europe contacted the A10 threat research team for insight into a series of DDoS attacks against its network. While the attacks were not service impacting, the frequency and persistence of the attacks raised internal concerns that the attacks might mask a more malicious intent: could this be a state actor planting malware or testing their defenses for a larger attack against critical infrastructure?

13 Best DDoS Protection Software in the Market 2024

With DDoS attacks on the rise—surpassing 4.25 billion in 2023—the right protection is crucial. Costly downtime—$6,130/minute—underscores the urgency. These attacks are getting more sophisticated, especially those that target the application layer. They’re hard to spot because they look like normal traffic and can seriously mess up a company’s operations and finances.

Cisco Calls Out Organizations As Being "Overconfident and Unprepared" for Cyber Attacks

In a new report, Cisco says the cyber readiness of organizations is lacking despite having experienced multiple cyber attacks within the last year. The maturity of an organization’s state of cyber readiness may very well dictate the outcome of an attack; it’s one thing to have a bunch of solutions in place, and it’s completely another to have the right solutions, policies, practices, and plans in place to address cyber risks.

How To Prevent Brute Force Attacks

Brute force attacks are one of the most common methods used by cybercriminals to steal credentials from organizations. To prevent brute force attacks, organizations need to enforce the use of strong and unique passwords, invest in a business password manager, require employees to enable MFA, monitor and limit login attempts, implement passwordless authentication and delete inactive accounts.

A Step-by-Step Guide to Preventing JavaScript Injections

If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more than 40 financial institutions worldwide, leaving many dev teams in pure damage-control mode. A large number of professional developers (especially front-end developers) use JavaScript more often than any other programming language.

UK Councils Under Cyber Attack: The Urgent Need for a Culture of Cybersecurity and Resilience

The very fabric that stitches our society together — our councils and local governing bodies — is under a silent siege from cyber attacks. The recent ransomware assault on Leicester Council is another real life cybercrime added to a growing list of attacks in the UK.

Understanding APIs and How Attackers Abuse Them to Steal Data

Simply put, APIs (short for application programming interfaces) are how machines, cloud workloads, automation and other non-human entities communicate with one another. They also represent an access point to highly sensitive company data and services. Almost every organization uses these machine interfaces, and their usage is only growing because they are essential to digital transformation and automation initiatives.

Cyberattack at Sisense Puts Critical Infrastructure on Alert

The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense, a major business analytics software company. It’s thought that the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks.

The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

The digital landscape is no longer a frontier; it's a full-fledged battlefield. As organizations become increasingly reliant on interconnected technologies, their attack surface expands exponentially. Firewalls and antivirus software, the traditional defense lines, are akin to medieval fortifications in the face of modern artillery. To survive in this ever-evolving warzone, organizations need a proactive approach, a way to anticipate and counter threats before they inflict damage. Enter Breach and Attack Simulation (BAS), a transformative tool poised to revolutionize the future of cybersecurity.

The Top 18 Healthcare Industry Cyber Attacks of the Past Decade

10.93 million U.S. dollars. That’s the average cost of a healthcare breach in the U.S. It’s an alarming number that has only continued to climb, increasing by over 53% in the past three years, according to IBM’s 2023 Cost of a Data Breach Report. In fact, the healthcare industry has had the highest average cost of a breach for 13 years running. It’s not just the costs that are climbing, either.

Having Fun with SSRF HTML to PDF Exports: A Cybersecurity Exploration

PDF Exports: Hidden SSRF Risk

In the realm of cybersecurity, understanding vulnerabilities is paramount to safeguarding sensitive data and maintaining the integrity of systems. One such vulnerability that often lurks in the shadows is SSRF, or Server-Side Request Forgery. While SSRF vulnerabilities have been extensively discussed in various contexts, today we're going to delve into a unique perspective – exploring SSRF vulnerabilities through the lens of HTML to PDF exports.

CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud

Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate users in the target system. They can just as easily abuse identities from cloud identity providers as they can in on-premises AD environments.

Change Healthcare Ransomware Attack Spotlights Single Point of Failure with Third-Party Vendor

The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With the company forced to disconnect over 100 systems, medical claims processing ground to a halt. This disruption, termed by the president and chief executive of the American Hospital Association as “the most serious incident of its kind” in healthcare, brought many medical providers to the brink of closure.

Tracing history: The generative AI revolution in SIEM

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.

Healthcare Industry on High Alert: Trustwave Research Reveals Cyber Threats Persist

Recent cyberattacks and the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) research indicate the danger facing the healthcare industry is not subsiding, which means healthcare providers must maintain a high level of alert and continue to bolster their cyber defenses.

Cookies Beyond Browsers: How Session-Based Attacks Are Evolving

In the past few years, we have witnessed a significant shift in the attack landscape, from stealing clear text credentials to targeting session-based authentication. This trend is driven by the proliferation of multi-factor authentication (MFA), which makes it harder for attackers to compromise accounts with just passwords.

The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications

In our always-online world, we're facing a new kind of cyber threat that's just as sneaky as it is harmful: subtextual attacks. These aren't your run-of-the-mill security breaches; they're cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat.

The Weak Link: Recent Supply Chain Attacks Examined

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

Exploiting HTTP/2 CONTINUATION frames for DoS attacks

The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.

AT&T DDoS Defense Portal Email Alert Video

In this video, you'll learn about AT&T DDoS Defense Service Alert Emails. We'll also give you an overview of the investigation process. For any high severity alerts, which are caused by traffic exceeding thresholds in protected zones, the DDoS Defense Service sends an alert email to your contacts. At the same time, a ticket is created for the AT&T Threat Management Team to investigate the alert.

How To Protect Your Organization From Targeted Attacks

A targeted attack is a complex cyber attack tailored to specific organizations or employees. The best way to protect your organization from targeted attacks is to reduce its attack surface, invest in a Privileged Access Management (PAM) solution, create an incident response plan and educate employees on cybersecurity best practices. Continue reading to learn what makes targeted attacks dangerous and how your organization can protect against them.

The Continuing Rise of Remote Code Execution

There were nearly 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposures (CVEs) being issued last year than in 2022. More troubling than the sheer volume of vulnerabilities in 2023 is that over half of them were given a CVSS score indicating high or critical severity — an increase of 57% YoY.

What Is An On-Path Attack and How Does It Work?

Suppose someone left their home, got in their car, and drove to the grocery store. Much like data packets that travel over Internet highways, the car will use various pathways to reach its destination; however, once the car gets to the store, a question remains: what happened between the generating point and the destination? If nothing happened, the driver (our data) traveled safely and without incident.

Apple Users Become the Latest Targets of MFA Attacks

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seems to be popping up in a likely attempt to steal the victim’s digital identity and more. A recent post on Twitter/X from entrepreneur Parth Patel outlines his experience when his phone became inundated with requests to reset his Apple ID password – to the tune of over 100.

IT Leaders Can't Stop AI and Deepfake Scams as They Top the List of Most Frequent Attacks

New data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most. According to Keeper Security’s latest report, The Future of Defense: IT Leaders Brace for Unprecedented Cyber Threats, the most serious emerging types of technologies being used in modern cyber attacks lead with AI-powered attacks and deepfake technology. By itself, this information wouldn’t be that damning.

Eight Common Attack Vectors Organizations Need To Be Aware Of

An attack vector, also known as a threat vector, is a way for cybercriminals to gain access to an organization’s network or system. Some common types of attack vectors that organizations need to defend against include weak and compromised credentials, social engineering attacks, insider threats, unpatched software, lack of encryption and misconfigurations. Organizations must identify all of the potential attack vectors and protect their network against them to avoid security breaches.

Step-by-Step Guide to Preventing JavaScript Injections

If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more than 40 financial institutions worldwide, leaving many dev teams in pure damage-control mode. 67.9% of professional developers use JavaScript more often than any other programming language. Its popularity is understandable, given its versatile and interactive capabilities.

Yet another reason why the xz backdoor is a sneaky b@$tard

A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.

RaaS attacks are on the rise: Top 5 tips to protect your organization

Over the years, we have seen a substantial amount of cyberattacks happening around the globe. The most infamous of them is the RaaS attack, which is taking over organizations of all sizes. An employee’s sheer negligence and lack of cybersecurity solutions put organizations at higher risk. In this article, we will share some tips that every organization needs to know in order to stay away from cyberattacks. Ransomware attacks have become prevalent in recent years and can happen to any organization.

How KeeperFill Protects You From Spoofing Attacks

Spoofing attacks are a common cyber attack that tricks people into revealing their login credentials by pretending to be a legitimate business website. Password managers, like Keeper Password Manager, have an autofill feature that can help protect against this type of attack. If you land on a spoofed website, Keeper’s autofill feature, KeeperFill®, will not fill in your login credentials if the URL stored in your password vault does not match the website you’re on.

What Is Privilege Escalation? How to Detect and Prevent Privilege Escalation Attacks in Windows

Organizations increasingly rely on remote work capabilities, leading them to use cloud systems. But with increased use of cloud infrastructure, the exposure to cyberattacks also increases. One such threat is the privilege escalation attack, a complex risk to any network. Multiple defense strategies are required to detect and prevent privilege escalation attacks, but understanding what this attack means is important even before that.

CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know

CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.

Weak Authentication Attacks: 49% report high costs

Cyberattacks on large companies grab the headlines, creating the false impression that only big organizations are targeted by cybercriminals. This misleads smaller companies into believing that they are not potential targets because of their size or low profile. However, threats against small and medium-sized companies have been a cause for concern in recent years. Experts warn that companies with fewer than 100 employees are especially vulnerable to a range of threats.

Thread Hijacking Phishing Attack Targets Pennsylvania Journalist

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity. The journalist for LancasterOnline, Brett Sholtis, had written a story last year about a wealthy businessman named Adam Kidan who pleaded guilty to fraud in 2005. Several months after the story was published, Sholtis received two emails from Kidan’s email account.

Despite Cybersecurity Improvements in UK Organizations, Attacks Still Persist

The UK government's third phase of research shows how well UK organizations have been improving their cybersecurity efforts but indicates that the risk from certain attacks has only been reduced marginally. As part of the UK government’s National Cyber Strategy, its Cybersecurity Longitudinal Survey has been run three times to show how well UK businesses and charities are working to improve their state of cybersecurity.