Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Domain Hijacking Impersonation Campaigns

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII in a standard browser, result in the appearance of a corporate or organization name that allows the targeting of such organization’s domains for impersonation or hijacking. This attack has been researched and defined in past campaigns as an IDN homograph attack.

Uncovering Bots in eCommerce Part 4: The Impact of Credential Stuffing

Credential stuffing is one of the most common forms of online crime, it is the act of testing stolen passwords and usernames against website login forms, to validate the credentials for malicious reuse. Once a match is found, the attacker can easily commit various types of fraud. When credentials are stolen through a database breach, malware, or other means, they are kept for use in future attacks against many different targets.

Amazon Web Services Mitigated a 2.3 Tbps DDoS Attack

Amazon Web Services (AWS) said that it mitigated a distributed denial-of-service (DDoS) attack with a volume of 2.3 Tbps. In its “Threat Landscape Report – Q1 2020,” AWS Shield revealed that its team members had spent several days responding to this particular network volumetric DDoS attack. In Q1 2020, a known UDP reflection vector, CLDAP reflection, was observed with a previously unseen volume of 2.3 Tbps.

Are airports and airlines prepared for cyber threats post COVID-19?

The COVID-19 pandemic has unveiled numerous vulnerabilities and shortcomings in the airline industry. What’s worse for aviation in particular over other industries is how airports have essentially served as the portal for the virus traveling from one country to another across the globe. As a result of severe travel restrictions implemented by nearly every country, airline companies have been hit hard and forced into a dire financial situation.

Why NHS, UK Healthcare Orgs Need to Boost Their Security in Age of COVID-19

All National Health Service (NHS) and social care organisations in the United Kingdom have always been and will always be a target for bad actors. The nature of their business and the sensitive data they hold make these entities appealing to bad actors who know that legacy systems, and/or, not regularly patched systems, such as those employed by healthcare organizations are easy to penetrate.

What Is the Cyber Kill Chain and How to Use It Effectively

You're probably familiar with the defense-in-depth or castle and moat approach to cybersecurity. It remains a common model that organizations use to think through their information security. However, as organizations have matured they have sought out new models to enable them to better understand how cyber attackers operate and how best to defend against them.

Uncovering Bots in eCommerce Part 3: What Sets Scraper Bots Apart?

Web scraping uses bots to collect large amounts of data from websites. Quite simply to extract content and data from a website. Data that’s publicly available. The scraper bot can then duplicate entire website content elsewhere. Scraper bots, most of the time, are not always bad. Bots are constantly at work behind the scenes making our digital lives run smoothly. They are usually looking for information that you are freely giving to your website’s visitors.

Hiding in plain sight: HTTP request smuggling

HTTP request smuggling is increasingly exploited by hackers in the wild and in bug bounty programs. This post will explain the HTTP request smuggling attack with remediation tips. HTTP request smuggling is an attack technique that abuses how two HTTP devices send requests between each other (typically a front-end proxy or a HTTP-enabled firewall and a backend server) or chaining multiple servers together with different configurations.

Detect reverse shell with Falco and Sysdig Secure

Reverse shell is a way that attackers gain access to a victim’s system. In this article, you’ll learn how this attack works and how you can detect it using Falco, a CNCF project, as well as Sysdig Secure. Sometimes, an application vulnerability can be exploited in a way that allows an attacker to establish a reverse shell connection, which grants them interactive access to the system.