Cyberattacks

API attack types and mitigations

Jun 20, 2022 By Ross Moore In AT&T Cybersecurity

Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..." The 3 Little Pigs; Art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes - "Omne trium perfectum" – “Everything that comes in threes is perfect.” While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).

Read Post

AT&T Cybersecurity

Read more about API attack types and mitigations

Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack

Jun 20, 2022 By Tamir Ben Ari In Mend

Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.

Read Post

Mend

Read more about Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack

What is a Distributed Denial-of-Service (DDoS) attack?

Jun 16, 2022 By Emily Chioconi In 1Password

If you don’t work in IT or security, there’s no need to fret about every detail of every online danger. Nevertheless, it’s worth having awareness of the strategies and techniques that criminals are using to achieve their goals online.

Read Post

1Password

Read more about What is a Distributed Denial-of-Service (DDoS) attack?

Enriched attack surface view, DNS filtering, and more

Jun 15, 2022 By Detectify In Detectify

Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.

Read Post

Detectify

Read more about Enriched attack surface view, DNS filtering, and more

Kerberos Authentication: Basics to Kerberos attacks

Jun 14, 2022 By Editor In Cyphere

Developed by MIT, Kerberos Authentication Protocol is the default authentication service for Microsoft Active Directory. It is named after the three-headed dog (Cerberus) found in Greek mythology, because the security protocol involves three major steps in the entire authentication process. Although Kerberos is a technology used by Microsoft Windows, by default, its implementations in other operating systems, such as Linux, FreeBSD and macOS, are also present.

Read Post

Cyphere

Read more about Kerberos Authentication: Basics to Kerberos attacks

Conti ransomware incapacitates Costa Rica's government: The FBI, CISA, the NSA, and Secret Service recommend mitigation strategies

Jun 8, 2022 By General In ManageEngine

Weeks after President Rodrigo Chaves Robles became Costa Rica’s 49th president, he had to tackle the country’s largest cyberattack ever. Costa Rica declared a state of emergency following a series of detrimental ransomware attacks carried out by the Conti ransomware gang.

Read Post

ManageEngine

Read more about Conti ransomware incapacitates Costa Rica's government: The FBI, CISA, the NSA, and Secret Service recommend mitigation strategies

Bot attacks go undiscovered for average of 16 weeks

Jun 8, 2022 By Netacea In Netacea

New Netacea research shows businesses are leaving attacks unchallenged for almost four months.

Read Post

Netacea

Read more about Bot attacks go undiscovered for average of 16 weeks

CrowdStrike Falcon Stops Modern Identity-Based Attacks in Chrome

Jun 8, 2022 By Eamonn Ryan - Matthew Puckett - Liviu Arsene In CrowdStrike

Recent research from CyberArk Labs presents a new technique for extracting sensitive data from the Chromium browser’s memory. However, existing access to the targeted system is required before leveraging the technique to extract the sensitive data. The technique could enable identity-based attacks involving authentication bypass using Oauth cookies that have already passed an MFA challenge.

Read Post

CrowdStrike

Read more about CrowdStrike Falcon Stops Modern Identity-Based Attacks in Chrome

How Lookout Prevents Ransomware Attacks | Lookout

Jun 8, 2022 By Lookout In Lookout

As ransomware attacks continue to grow, keeping sensitive data secure is crucial. Lookout prevents the initial compromise of a ransomware attack by securing data wherever and however it needs to. How Lookout Reduces Risk of a Ransomware Attack: Ensures only endpoints free from malware access data Prevents attackers from exploiting vulnerabilities in internet facing apps and servers Enables you to identity unauthorized access when.

View Video

Lookout

Read more about How Lookout Prevents Ransomware Attacks | Lookout

Top Cyber Attacks of May 2022

Jun 7, 2022 By Arctic Wolf In Arctic Wolf

Summer is here and phishing season is in full swing. May saw a troubling range of phishing attacks carried out against a wide array of targets, from retirement planners to school systems to national defense. Bundle all of those efforts together with a disturbing ransomware attack on the air travel industry and you have all the evidence you need of the dangers of inadequate cybersecurity at every level.

Read Post