The digital footprint of organizations has evolved and grown significantly over the past 10 years, now its important to not only protect just IP addresses and domains but also social media, payment platforms, and third-party services. Identifying risks like vulnerabilities, supply chain attacks, and credential leaks are crucial for organizational security. The Cyberint team have analyzed 1000s of risks and threats and narrowed down the top 4 risks facing Latin America in 2024 and going into 2025.

In the modern, interconnected world, no organization is immune from a cyber attack. Indeed, most experts agree that it is a matter of “when,” not “if” an organization will be targeted by threat actors. If an attack is successful, the immediate costs — including potential ransom payments, lost revenue, and costs associated with remediation and restoration — can be substantial.

In June 2024, the digital world was rocked by a significant supply chain attack involving Polyfill.io, a JavaScript library that had been a staple in web development for over a decade. Originally designed to ensure compatibility between older browsers and modern web APIs, Polyfill.io became a silent vulnerability when a Chinese company named “Fun Null” acquired the domain in February 2024.

Researchers at Palo Alto Networks’ Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect users to phishing pages without user interaction. “Unit 42 researchers observed many large-scale phishing campaigns in 2024 that used a refresh entry in the HTTP response header,” the researchers write. “From May-July we detected around 2,000 malicious URLs daily that were associated with campaigns of this type.

Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST API, which requires multiple round trips to the server to gather various pieces of data, GraphQL allows developers to retrieve all the needed data in a single request.

So far in 2024, many major companies have fallen victim to credential stuffing attacks. Some of these notable credential stuffing victims include Roku, Okta, General Motors and Levi’s. Credential stuffing attacks occur when a cybercriminal uses stolen login credentials to attempt to log in to multiple accounts simultaneously. Since many people reuse their passwords, cybercriminals can use stolen credentials to sign in to many accounts, compromising employee, customer and organizational data.

In today's digital landscape, cyber attacks are an ever-present threat, and they all ultimately target one thing: data. For most organizations, the challenge lies not only in protecting this data but also in understanding the full scope of what they have. Many organizations struggle to identify how much sensitive data they possess, where it resides, and who has access to it.

PowerShell is one of the most popular platforms for malicious actors. To protect your critical data and systems, it’s vital to implement strategies for blocking and detecting attacks that exploit PowerShell. However, you should not assume those security measures are airtight — adversaries are constantly looking for ways to bypass your defenses. Let’s explore three of those techniques, so you can build an even more robust strategy for defending your data and your business.