Cyberattacks

What Makes Telecommunication Companies Such a Fertile Ground for Attack?

Apr 19, 2022 By Jeannine Balsiger In Tripwire

Telecommunication is the first, and most robust network ever invented. This may seem like a brazen and bold statement, but when examined closely, it is not the stuff of fantasy. Prior to the invention and development of the internet, what other way could a person pick up a device, and “dial” a few numbers and end up seamlessly connected to someone across the vast expanse of a countryside?

Read Post

Tripwire

Read more about What Makes Telecommunication Companies Such a Fertile Ground for Attack?

What We Can Learn From SolarWinds Security Breach

Apr 18, 2022 By SecurityScorecard In SecurityScorecard

65% of cyber attacks today happen due to the negligence of a third party. SolarWinds security breach is a good example of that. In this case, hackers used a method known as a supply chain attack to insert malicious code into their Orion System. From there, they managed to crack into the SolarWinds network and put malware into the environment. SolarWinds did a great job following up on this. They made significant improvements and are currently rated as a B by SecurityScorecard.

View Video

SecurityScorecard

Read more about What We Can Learn From SolarWinds Security Breach

What Is Cryptojacking and How Can You Defend Against It?

Apr 18, 2022 By Arctic Wolf In Arctic Wolf

It should come as no surprise that as cryptocurrencies become more popular and edge towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking. Cryptojacking may sound like a way to steal someone's cryptocurrency assets, but it's a less obvious form of theft.

Read Post

Arctic Wolf

Read more about What Is Cryptojacking and How Can You Defend Against It?

The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model

Apr 15, 2022 By Arctic Wolf In Arctic Wolf

Tetra Defense, an Arctic Wolf® company, partnered with Chainalysis to analyze the link between the Karakurt cyber extortion group to both Conti and Diavol ransomware through Tetra’s digital forensics and Chainalysis’ blockchain analytics. As recent leaks have revealed, Conti and Trickbot are complicated operations with sophisticated structures. But, our findings indicate that web is even wider than originally thought, to include additional exfiltration-only operations.

Read Post

Arctic Wolf

Read more about The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model

Tough Times for Ukrainian Honeypot?

Apr 15, 2022 By Trustwave In Trustwave

We've recently been inundated with news of increased cyberattacks and a general increase in cyber threats online. Hackers - both bad and good, government related or private groups - have their hands full every day as never before and compounding the situation is the Russia-Ukraine (UA) war which has sparked a cyber storm. This made us just more curious about Internet attacks on the UA telecom infrastructure.

Read Post

Trustwave

Read more about Tough Times for Ukrainian Honeypot?

We Need a New Risk Management Approach to Secure Critical Infrastructure Against Russian Cyber Threats

Apr 14, 2022 By SecurityScorecard In SecurityScorecard

A democratized approach to cybersecurity risk management that leverages continuous monitoring and public-private partnerships is overdue, and critical, for today’s cyber threat environment.

Read Post

SecurityScorecard

Read more about We Need a New Risk Management Approach to Secure Critical Infrastructure Against Russian Cyber Threats

Multi-Factor Authentication (MFA) Bypass Through Man-in-the-Middle Phishing Attacks

Apr 14, 2022 By Allen Funkhouser In Netskope

One of the key tools at the center of social engineering attacks against organizations is phishing. According to the Anti-Phishing Working Group’s latest report, the number of unique phishing websites detected in December 2021 was 316,747, where they have detected between 68,000 and 94,000 attacks per month in early 2020, meaning that phishing attacks have more than tripled from 2020 to 2021.

Read Post

Netskope

Read more about Multi-Factor Authentication (MFA) Bypass Through Man-in-the-Middle Phishing Attacks

Zhadnost strikes again... this time in Finland.

Apr 13, 2022 By SecurityScorecard In SecurityScorecard

SecurityScorecard (SSC) has identified a DDoS attack which targeted the websites of the Finnish Ministry of Foreign Affairs and Ministry of Defense. SSC discovered more than 350 bots, mainly located in Bangladesh and African countries, which are now considered to be part of the Zhadnost botnet, previously discovered by SSC in March.

Read Post

SecurityScorecard

Read more about Zhadnost strikes again... this time in Finland.

This Week in VulnDB - PHP Use after free vulnerability deep dive and more

Apr 13, 2022 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - PHP Use after free vulnerability deep dive and more

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Apr 13, 2022 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video