Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Securing Docker Containers Against Commando Cat Attacks: Best Practices for Enhanced Cybersecurity

Cybersecurity researchers have uncovered a malicious Python package in the Python Package Index (PyPI) repository designed to distribute an information stealer known as Lumma (aka LummaC2). The counterfeit package, crytic-compilers, mimics the legitimate crytic-compile library through typosquatting tactics. Before its removal by PyPI maintainers, the counterfeit package was downloaded 441 times. Impersonation and Deception Tactics.

Brazilian Entities Increasingly Targeted by Nation-State Phishing Attacks

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North Korea and Russia. “The Brazil-focused targeting of these groups mirrors the broader priorities and industry targeting trends we see elsewhere,” the researchers write.

The Cyber Threats Targeting the UEFA League - Euro 2024

The UEFA League, alternatively known as Euro 2024, has officially started, marking a thrilling period for football fans worldwide. The unmatched enthusiasm for watching the matches, whether through digital screens or by experiencing the live vibe in the stadiums, has filled the air. However, this surge in excitement isn’t solely confined to sports fans but has also caught the attention of threat actors.

How Enterprise Identity Protection Can Prevent Cyber Attacks?

Protecting enterprise identities has never been more critical in today's interconnected business landscape. Cybersecurity Ventures predicts cybercrime will cost the world $10.5 trillion annually by 2025. Attacks on company identities are a major cause of cybercrime. Hackers are always trying to steal employee logins to get into company secrets. They use tricks like phishing emails and fancy hacking to do this. Protecting identities is super important for businesses, and it is not just an IT concern.

CDR: How Cloud Has Changed the Game

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

Expanding Cyber Threats: Sticky Werewolf Targets Russia and Belarus

The cyber threat landscape is constantly evolving, with new threat actors emerging and expanding their targets. Cybersecurity researchers have recently revealed information about a threat actor named Sticky Werewolf, who has been associated with cyber attacks on organizations in Russia and Belarus. This development highlights the critical need for robust cybersecurity measures, including stolen credentials detection, darknet monitoring services, and dark web surveillance.

New HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform Yousign

A new phishing campaign is exploiting the eSignature platform Yousign. There have been plenty of phishing attacks that leverage legitimate platforms to help establish credibility with security solutions – including online email services, web hosting, payment processors and more.

Four Ways to Prevent Credential Theft and Credential-Based Attacks

When it comes to cybercrime, there are few tactics as useful and widespread as credential theft and the use of stolen credentials. In the 2023 breach of password management giant Okta, it was a set of credentials that jumpstarted the incident — threat actors hacked into an employee’s personal Google account, where they found an Okta customer service account had also been saved.