On November 1st, 2021, a public disclosure of a paper titled Trojan Source: Invisible Vulnerabilities described how malicious actors may employ unicode-based bidirectional control characters to slip malicious source code into an otherwise benign codebase. This attack relies on reviewers confusing the obfuscated malicious source code with comments.

Supply-chain attacks may not grab the headlines in the same way as ransomware or data breaches, but these sneaky cyberattacks are just as dangerous for your business.

Threat actors are employing more advanced social engineering techniques with ever increasing frequency. All sectors are open to attacks with the financial and reputational losses being significant. Exploiting human nature is not new. The methods used by hackers are getting more sophisticated and they are becoming better at manipulating human behaviour. This guide to social engineering will help you.

A keylogger is a type of spyware that monitors and records user keystrokes. They allow cybercriminals to read anything a victim is typing into their keyboard, including private data like passwords, account numbers, and credit card numbers. Some forms of keyloggers can do more than steal keyboard strokes. They can read data copied to the clipboard and take screenshots of the user's screen - on PCs, Macs, iPhones, and Android devices. Keyloggers are not always the sole threat in cyberattacks.

In a blog post published in February 2021, Microsoft noted that web shell attacks had been steadily increasing since mid-2020. There were 140,000 monthly web shell attacks from August 2020 to January 2021, more than twice the average from 2020. The increasing prevalence of these attacks has a simple reason: web shell attacks are easy to author and launch. So, what are web shell attacks? Why should organizations be more aware of them?

Dependency confusion attacks are a form of open source supply chain security attacks in which an attacker exploits how package managers install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security. In this article, we will present an extension of the dependency confusion problem utilizing npm’s package aliasing capabilities.

Cybercrime can take many forms, and the criminals behind such attacks work with increasing sophistication — even to the point that some companies may, unwittingly, be helping criminals launch attacks against other organizations. For example, botnets are an organized network of infected devices at a hacker’s disposal, which the hacker then uses to carry out cybercrime schemes by harnessing resources available to the bots on the system.

It was 4:00 in the morning, May 20, 2021. Matthew Day, CIO of Langs Building Supplies (Langs) was excited for a long-anticipated holiday after 14 months of lockdown due to COVID-19. His wife was thrilled. His friends, ecstatic. But the day took an unexpected turn. Instead of waking up delighted to leave for his getaway, Day woke up to every CIO’s worst nightmare, the dreaded phone call: “We’ve been hacked.”

Looking back at the past year, there have been some downright spooky trends facing cyber security professionals. Ransomware attacks have skyrocketed, impacting organizations from healthcare to critical infrastructure to the suppliers of MSP suppliers and everyone in between. APT crews and criminal gangs have taken advantage of the pandemic that pushed everyone to remote work, making 2020/2021 the year that bad cybersecurity preparedness came home to roost.

Alan is one of the senior officers of a financial bank in Texas. Alan was looking to buy a Halloween costume and got an email about a sale happening at a store near his neighborhood. He clicked on the email to learn more about the offer. In a few hours, his computer, which had critical high-profile customer files and details got infected by ransomware.