HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will be interpreted by the client. This article goes into details on how this can be abused by an attacker to insert arbitrary headers and the impact of this type of attack.
Cybersecurity professionals know what they’re up against. The type, number and severity of cyberattacks grows with time. Hackers display no shortage of cunning and ingenuity in exploiting security vulnerabilities, compromising important data and inflicting damage to both individuals and organizations. Cybersecurity professionals also know that their defenses must evolve along with the attacks, requiring them to display even more ingenuity than hackers when creating security tools.
Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a habit of giving consumers connected devices that are controlled by unauthenticated HTTP requests via the local network.
Recent statistics show that 60% of businesses are forced to suspend operations after a cyber-attack are never able to reopen for business. This is largely due to revenue lost due to downtime as well as damage to the company’s reputation. The good news is that most of these threats can be mitigated with reliable cybersecurity. When it comes to cyberattacks, time is of the essence.
As technological solutions to cybercrime become increasingly advanced, able to preempt attacks and weed out vulnerabilities before they’re widely known, attackers also become more adept at cloaking their presence and concealing their intent. The targets of attacks also change with the times.
Organizations of all sizes have made considerable shifts to using cloud-based infrastructure for their day-to-day business operations. However, cloud security hasn't always kept up with cloud adoption, and that leaves security gaps that hackers are more than happy to take advantage of.
MITRE ATT&CK™ (Adversarial Tactics, Techniques and Common Knowledge) is a framework for understanding attackers’ behaviors and actions. We are pleased to announce that AlienVault USM Anywhere and Open Threat Exchange (OTX) now include MITRE ATT&CK™ information. By mapping alarms to their corresponding ATT&CK techniques, we are assisting in prioritizing analysis work by understanding the context and scope of an attack.
“We’re under attack” may be the three least favorite words of every cybersecurity professional out there. Luckily, for USA Today, this doesn’t happen often, however, last year one of our 115 media markets was targeted by a distributed denial of service (DDoS) attack.
With connectivity to the outside world growing, cyber attacks on industrial computers constitute an extremely dangerous threat, as these types of incidents can cause material losses and production downtime for a whole system. Moreover, industrial enterprises knocked out of service can seriously undermine a region’s social welfare, ecology and macroeconomics. Not surprisingly, cybersecurity is therefore becoming more and more important across the board.
