Cyberattacks

Asset hijacking: the digital supply chain threat hiding in plain sight

May 7, 2024 By Nethanel Gelernter In IONIX

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

Read Post

IONIX

Read more about Asset hijacking: the digital supply chain threat hiding in plain sight

How a Virtual Private Server Plays a Small Yet Effective Role in Enhancing Cybersecurity

May 6, 2024 By SecuritySenses In SecuritySenses

Every year, there are an increasing number of cyberattacks. According to TechTarget, Skybox Security reported an increase of 25% in new vulnerabilities in 2022 compared to 2021. Moreover, the World Economic Forum's Global Risks Report 2023 predicts that the concerns around cybersecurity will persist in 2024, too.

Read Post

SecuritySenses

Read more about How a Virtual Private Server Plays a Small Yet Effective Role in Enhancing Cybersecurity

LLMjacking: Stolen Cloud Credentials Used in New AI Attack

May 6, 2024 By Alessandro Brucato In Sysdig

The Sysdig Threat Research Team (TRT) recently observed a new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted large language model (LLM) services, known as LLMjacking. The credentials were obtained from a popular target, a system running a vulnerable version of Laravel (CVE-2021-3129). Attacks against LLM-based Artificial Intelligence (AI) systems have been discussed often, but mostly around prompt abuse and altering training data.

Read Post

Sysdig

Read more about LLMjacking: Stolen Cloud Credentials Used in New AI Attack

Detecting and Preventing Reconnaissance Attacks

May 2, 2024 By SecuritySenses In SecuritySenses

In 2024, every business across the world is already aware of the looming potential of a cyber attack. With billions of dollars pouring into the cyber criminal market each year, hackers have more backing to create large-scale attacks, breaching financial records, private data, and customer information. Reconnaissance attacks are the first step in many of these major breaches. By scouting out a business, collecting information about its security posture, and aiming to identify vulnerabilities, these initial attacks give hackers the data they need to launch precise, damaging attacks.

Read Post

SecuritySenses

Read more about Detecting and Preventing Reconnaissance Attacks

What is DLL Hijacking? How to Identify and Prevent DLL Hijacking?

May 2, 2024 By SignMyCode In SignMyCode

Ever happened – you clicked a random link by mistake but discovered your system working strangely? Maybe some programs crash, data goes missing, or pop-ups plague your screen. It could be a malicious threat within your system, or simply, your system is the victim of a DLL Hijacking. DLL Hijacking is a type of cyberattack that allows the attacker to steal your data or even take control of your system.

Read Post

SignMyCode

Read more about What is DLL Hijacking? How to Identify and Prevent DLL Hijacking?

What is Unrestricted Code Execution? How to Defend Organizations Against this Attack?

May 2, 2024 By SignMyCode In SignMyCode

Nowadays, with more organizations and individuals relying heavily on third-party software to execute their high-priority and covert tasks, the risks of data breaches or cyber-attacks are becoming a serious issue. A cyber attack is basically an attempt by cybercriminals, hackers, or other digital adversaries to access a computer network or system with a willingness to expose, alter, steal, or destroy your million-dollar information.

Read Post

SignMyCode

Read more about What is Unrestricted Code Execution? How to Defend Organizations Against this Attack?

What Is a Silver Ticket Attack?

May 2, 2024 By Jaryeong Kim In Keeper

A ticket in cybersecurity is a set of credentials used to authenticate users. A silver ticket is a forged ticket an unauthorized user creates. With this forged silver ticket, threat actors can launch a cyber attack that involves exploiting the weaknesses of a Kerberos authentication system. In this system, a Ticket Granting Service (TGS) serves as the credential token, granting authorized users access to particular services.

Read Post

Keeper

Read more about What Is a Silver Ticket Attack?

Navigating the Masquerade: Recognizing and Combating Impersonation Attacks

May 1, 2024 By Stu Sjouwerman In KnowBe4

With all great power, there comes an equal potential for misuse. Among the sophisticated arsenal of threat actors, impersonation attacks have surged to the forefront, which questions our sense of trust.

Read Post

KnowBe4

Read more about Navigating the Masquerade: Recognizing and Combating Impersonation Attacks

The Top 11 Legal Industry Cyber Attacks

Apr 30, 2024 By Arctic Wolf In Arctic Wolf

A law firm can only be successful if it can meet the needs of its clients, and few components put that success at risk more than the rising danger and repercussions of a cyber attack. In addition to the time, effort, and money a firm must spend responding to a successful breach, employees may find themselves unable to access the firm’s technology and, therefore, unable to bill hours.

Read Post

Arctic Wolf

Read more about The Top 11 Legal Industry Cyber Attacks

JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

Apr 30, 2024 By Andrey Polkovnichenko In JFrog

As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog’s security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats.

Read Post