Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

The Top Cyber Attacks of June 2022

Temperatures rose in June, and the threat of serious cyber attacks soared along with them. The start of summer saw revelations of major breaches in confidential medical information, a case study for changing-up hacked passwords, another round of victimization for people whose data has already been sold once before, and one high-profile threat to undermine an entire democracy. Let’s take a closer look at these troubling instances, plus one controversial effort to rein in the crimewave.

How to Keep Data Safe in Times of Cyberwar

As the world becomes more interconnected, the risk of large-scale cyber-attacks increases, especially for companies of critical importance such as those from the financial sector, healthcare, critical infrastructure, and government services. In the event of a cyberwar, the first casualties would be our data. Ironically, one of the sectors that neglect cyber security the most is healthcare. The other ones are the governments.

Webinar: Top Security Threats Worldwide: Q1 2022 - 30 June 2022

Join WatchGuard CSO Corey Nachreiner and Security Engineer Trevor Collins as they cover the latest Internet Security Report from the WatchGuard Threat Lab. In this session, Corey and Trevor will dive into the attack trends and latest malware variants targeting WatchGuard Firebox and Endpoint customers worldwide.

Lockdown Mode: Apple to protect users from targeted spyware attacks

Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. “Lockdown Mode” is scheduled to arrive later this year with the release of Apple iOS 16 and macOS Ventura. It’s an optional feature for users who believe their computers and smartphones face a real risk of being targeted by sophisticated state-sponsored spyware.

Detectify Security Advisor explains account hijacking attack scenarios using abnormal OAuth-flows

While the attack needed for such a single-click account takeover would be complex, the research by Frans Rosén, Security Advisor at Detectify, discovered that some of the most popular consumer and business websites in the world currently are not following the OAuth specification best practices and thus are vulnerable to the attack chain. Rosén recently undertook extensive research on how OAuth tokens could be stolen.

CI/CD pipeline attacks: A growing threat to enterprise security

CI/CD pipeline attacks are a growing threat to enterprise security. In this article, we’ll provide an overview of CI/CD for non-developers, discuss the cybersecurity issues involved, and offer some recommendations for developers, companies, and security teams.

Key cybersecurity measures for the fashion industry

Cyberattacks often target the retail sector, although many of these threats are aimed at the e-commerce channel, businesses have also reported incidents where in-store Wi-Fi access points and even IoT devices are exploited as attack vectors. This is reflected in several studies, which reveal that, together with the education sector, the fashion industry was one of the hardest hit last year and 60% of retail companies are at risk of suffering an attack.

State of your attack surface, improved user permissions, and many new tests

The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online, but knowing to what extent assets are exposed on their attack surface. Previously, it wasn’t possible to filter the attack surface view by state (you can read more about state here). This limitation made it difficult to assess some Internet-facing assets, such as those that were resolving DNS records with no reachable IPs.

Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration

Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of others to participate in mining. Cryptocurrency mining was originally performed using CPUs, and Monero was no different.]

Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers

Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilities in NTLM that allow remote code execution and other NTLM attacks where attackers could exploit vulnerabilities to bypass MIC (Message Integrity Code) protection, session signing and EPA (Enhanced Protection for Authentication).