Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

CrowdStrike Uncovers New MacOS Browser Hijacking Campaign

The CrowdStrike Content Research team recently analyzed a MacOS targeted browser hijacking campaign that modifies the user’s browsing experience to deliver ads. Research began with a variant that uses a combination of known techniques to deliver, persist and sideload a Chrome extension. Analysis of the fake Chrome installer uncovered the use of more than 40 unique dropper files to install the extension.

Brute-Force Attacks: How to Defend Against Them

When you hear the words “brute force," subtlety is probably not the first thing that comes to mind. Indeed, classic brute-force cyber attacks use the most straightforward tactics—trial and error—to gain entry into a protected system. When brute force works, the attack's type, depth, and severity depend on the attacker's goals.

Naming Adversaries and Why It Matters to Your Security Team

What is it with these funny adversary names such as FANCY BEAR, WIZARD SPIDER and DEADEYE JACKAL? You read about them in the media and see them on CrowdStrike T-shirts and referenced by MITRE in the ATT&CK framework. Why are they so important to cyber defenders? How is an adversary born? You may think you have a problem with ransomware, bots or distributed denial of service (DDoS) attacks but you would be wrong. Because humans are behind every cyberattack, what you really have is an adversary problem.

7 Cybersecurity Best Practices Financial Firms Should Live By

According to the 2021 IBM X-Force Threat Intelligence Index , the finance and insurance industry sector experienced the most cyber attacks for the fourth year in a row. It’s no mystery why: Hackers go where the money is. And according to Verizon's 2021 Data Breach Investigations Report (DBIR), financial gain was the most common motive in data breaches across all industries: 93 percent of breaches involving companies with fewer than 1,000 employees were financially motivated.

KillNet Utilizes CC-Attack: A Quick & Dirty DDoS Method

During the course of 2022, SecurityScorecard has been tracking multiple DDoS campaigns that have been targeting entities within the Ukrainian government, as well as other European government targets that are perceived to be allied with Ukraine government interests. One of the groups at the forefront of these DDoS attacks is the hacking collective known as KillNet.

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks

Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or random malicious package. This article shares the findings of targeted attacks aimed at businesses and corporations that Snyk was able to detect and share the insights.

npm package hijacking through domain takeover - how bad is this "new" attack?

When relying on a 3rd-party package from a non-commercial entity, there is always the risk of lack of support, especially when it comes to outdated packages and versions. If the package stops being maintained, nobody will implement a new feature we might need or fix a newly-discovered security vulnerability. Consider, for example, CVE-2019-17571. A critical remote code vulnerability which was never fixed in Log4j 1.x, since it was not supported anymore, and only fixed in Log4j 2.x.

How Can OEMs Reduce Their Risk of Cyberattacks?

Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities. While much of the focus has remained on manufacturers and how they can bolster their cybersecurity efforts, another group of businesses also needs to improve their cybersecurity.

Monitor Content Security Policy violations with Datadog

Content Security Policy (CSP) is a W3C standard that helps defend web applications against cross-site scripting (XSS), clickjacking, and other code injection attacks. CSP is often deployed by using an HTTP header (or, less commonly, a element) to specify which types of resources are allowed to load on your site and where those resources can come from.