Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of hack known as “credential stuffing.“ This cyberattack involves using stolen credentials to log into web-based systems and issue the unauthorized transfer of client funds.

A cybersecurity bulletin was released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) on October 28, 2020. The three agencies have issued a high-level warning about an increased, imminent threat of ransomware attacks in the healthcare sector. The cybercriminal group behind the TrickBot, Ryuk, and BazarLoader malware is now targeting U.S. hospitals and healthcare providers.

The recent headlines attest that no organization is immune to targeted attacks launched by skilled, persistent adversaries. These highly sophisticated attackers gain unprecedented success against large and even well-equipped organizations across the world. The detection of these attacks is a daunting task. However, if you are well aware of the Indicator of Attacks (IoA) and Indicators of Compromise (IoC), then you can resolve issues with better outcomes.

Fintech companies – those that offer technology to support the banking and personal finance industry – are increasingly at risk of cyberattack. After healthcare, fintech is the second most frequently attacked industry, according to Alissa Abdullah, senior vice president of cybersecurity technology at Mastercard. Fintech News found that 27% of attacks target banks or healthcare.

The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157)and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery. Your client unintentionally makes an HTTP API request to the attacker’s endpoint where this request contains the container image registry secret.

An SQL injection (also known as SQLi) is a technique for the “injection” of SQL commands by attackers to access and manipulate databases. Using SQL code via user input that a web application (eg, web form) sends to its database server, attackers can gain access to information, which could include sensitive data or personal customer information. SQL injection is a common issue with database-driven websites.

You're woken by your phone erupting with notifications. You drowsily reach for it and find a barrage of messages from frustrated clients complaining about your website. You try to load your website but you're met with a frightful "service unavailable" message. You could be a victim of a DDoS attack. A Distributed Denial of Service attack (DDoS attack) is the process of sending an overwhelming amount of data requests to a web server with the intention of impeding its performance.

Scalper bots, or inventory hoarding bots, are used to disrupt, manipulate, and steal merchandise much faster than any human can. These malicious bots add products to carts, often products that are in high demand or limited supply. This stock is held in a basket and made unavailable to other prospective buyers. Scalper bots perform this process multiple times, causing significant problems for websites and retailers, by hijacking inventory and reselling the items at a higher price.