Cyberattacks

New HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform Yousign

Jun 11, 2024 By Stu Sjouwerman In KnowBe4

A new phishing campaign is exploiting the eSignature platform Yousign. There have been plenty of phishing attacks that leverage legitimate platforms to help establish credibility with security solutions – including online email services, web hosting, payment processors and more.

Read Post

KnowBe4

Read more about New HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform Yousign

Four Ways to Prevent Credential Theft and Credential-Based Attacks

Jun 7, 2024 By Mike McCleary In Arctic Wolf

When it comes to cybercrime, there are few tactics as useful and widespread as credential theft and the use of stolen credentials. In the 2023 breach of password management giant Okta, it was a set of credentials that jumpstarted the incident — threat actors hacked into an employee’s personal Google account, where they found an Okta customer service account had also been saved.

Read Post

Arctic Wolf

Read more about Four Ways to Prevent Credential Theft and Credential-Based Attacks

The Most Common Ways Cyber Criminals Will Target Your Business

Jun 6, 2024 By SecuritySenses In SecuritySenses

Businesses face an ever-growing array of security threats from cybercriminals. Scammers and hackers employ increasingly sophisticated techniques to infiltrate corporate networks, steal sensitive information, and disrupt operations. In 2023, consumers and businesses in the United States reported losing more than $10 billion to fraud and online scams, marking the first time that fraud losses have reached that benchmark. This is a 14% increase over reported losses in 2022.

Read Post

SecuritySenses

Read more about The Most Common Ways Cyber Criminals Will Target Your Business

Surge in CatDDoS Attacks: Exploiting Vulnerabilities to Spread Mirai Variant

Jun 6, 2024 By Foresiet In Foresiet

The cybersecurity landscape has recently been shaken by a surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant known as CatDDoS. Over the past three months, threat actors have aggressively exploited more than 80 vulnerabilities to spread this malware. In this blog, we explore the recent CatDDoS attacks, the targeted sectors, and the implications for cybersecurity practices.

Read Post

Foresiet

Read more about Surge in CatDDoS Attacks: Exploiting Vulnerabilities to Spread Mirai Variant

Psychological Deterrence: Using Simple Tactics to Prevent Cyber Attacks | Razorthorn Security

Jun 5, 2024 By Razorthorn In Razorthorn

Learn from Robert Black about using psychological deterrence in cybersecurity. He shares insights on how simple techniques, like the presence of CCTV or symbolic imagery, can influence behaviour and prevent attacks. Discover how these principles can be applied in cyberspace.

View Video

Razorthorn

Read more about Psychological Deterrence: Using Simple Tactics to Prevent Cyber Attacks | Razorthorn Security

Top Strategies to Protect Your Website from Subdomain Takeovers

Jun 4, 2024 By Leah Sadoian In UpGuard

Subdomain takeovers pose a significant and often overlooked threat to website security. In today's digital age, almost every business has a website to promote, inform, and provide resources to visitors. Websites that use multiple subdomains risk exposing themselves to cyberattacks. Subdomain takeovers can lead to data breaches and reputational damage. However, these risks can be minimized with the right strategies, and your organization can stay protected.

Read Post

UpGuard

Read more about Top Strategies to Protect Your Website from Subdomain Takeovers

Engaging the Dark Web: Innovative Strategies to Deter Cyber Attacks

Jun 4, 2024 By Razorthorn In Razorthorn

Robert Black explores how organisations can actively engage with the dark web to shape and influence threat actors. By taking an organisational approach rather than a purely technical one, companies can dissuade attackers and protect their assets more effectively. Discover unconventional methods to enhance your cybersecurity posture.

View Video

Razorthorn

Read more about Engaging the Dark Web: Innovative Strategies to Deter Cyber Attacks

What is a Sophisticated Bot Attack?

Jun 4, 2024 By Alex McConnell In Netacea

Earlier this year we stated that bot attacks can be run by anyone, from skilled individuals to organised gangs. Bots can hit websites for a number of reasons. Common attacks include credential cracking to account takeover, to scalping. These bots have the power and capability to conduct multiple attacks repeatedly. Those actions have long seen standard for bots though, so what is new in the world of bot attacks? What is making these attacks more sophisticated?

Read Post

Netacea

Read more about What is a Sophisticated Bot Attack?

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

Jun 3, 2024 By Stu Sjouwerman In KnowBe4

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks. Security analysts at Netskope take an expository look at the misuse of Cloudflare services for the purpose of enabling phishing attacks that leverage HTML Smuggling and Transparent Phishing tactics. We’ve seen HTML Smuggling attacks for several years, including its continued use this year.

Read Post

KnowBe4

Read more about New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

Using a Firewall to Prevent SSRF in Node.js

Jun 2, 2024 By Snyk In Snyk

Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video