Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Squash Scattered Spider Attacks with Forward Networks' Blast Radius

I hate spiders, a lot. But I really hate the idea of a Scattered Spider Attack which can jump between environments that you may have believed were segmented at an alarming rate. That is the stuff of real nightmares for networking and security professionals. Keeping up with your security posture isn’t easy. We’re all doing our best, but is it good enough? One CISO we talked to hired a consulting firm to map out their security posture.

OWASP Clickjacking: The Enhanced Cheat Sheet [XLS DOWNLOAD]

Clickjacking is a widely used cyberattack technique where users are tricked into clicking on something without realizing it’s harmful. Clickjacking attacks can lead to serious problems like data theft and financial fraud, damaging organizations’ reputations. According to the Javelin 2022 Identity Fraud Study, 22% of U.S. adults have been victims of account takeover attacks. But here’s the good part.

Live API Attack Simulation

“We have an API gateway, and the strong authentication & authorization keeps us secure.” This notion could cost you a databreach, a compliance fine or even application downtime that may erode customer trust. In this webinar, Karthik Krishnamoorthy, CTO and Vivekanand Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.

Hacktivists attack U.S. water treatment plant - analysis and implications

Almost a year ago to the day, on December 1 2022, Forescout Vedere Labs published a report detailing several hacktivist operations that targeted critical infrastructure in response to the Russian invasion of Ukraine and other geopolitical developments. Since the most recent chapter in the Hamas-Israel conflict started on October 7, there have been multiple similar claims of attacks from hacktivists taking opposing sides in the conflict.

Who Knew Neanderthals were so High-Tech?

Researchers at ESET describe various types of scams launched by users of Telekopye, a telegram bot that assists in crafting social engineering attacks. The scammers call their victims “mammoths,” so ESET has dubbed the scammers “Neanderthals.” The first type of scam is simply financial data theft via phishing sites.

Initial Access Broker Activity Doubles in One Year's Time

New data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations. There’s plenty of fodder in tech news about the use of IABs and their role in cyber attacks. But rarely do we get to see a more comprehensive analysis of just how much growth in both the number of brokers and posts of credentials for sale.

Phishing Attacks Expected to More Than Double During the Black Friday and Cyber Monday Shopping Week

Another day, another warning about holiday scams! Lookout Inc., a data-centric cloud security company, is warning employees and businesses that phishing attacks are expected to more than double this week, based on historical data. With more corporate data residing in the cloud and a massive amount of employees still working remotely, mobile has become the endpoint of choice for the modern workforce.

UK Finance Reports Slight Decrease in FinTech Cyberattacks

The latest report from UK Finance paints a mixed picture of financial fraud in the United Kingdom, with losses exceeding £500 million in the first half of the year. However, amidst these concerning figures, there is a glimmer of hope as cyber fraud rates have shown a slight 2% decrease from the previous year.

Multi-Stage Attacks & How To Detect Them

Cybercriminals and threat actors use multiple vectors to infiltrate your IT network. They employ a series of coordinated steps as they… Impactful cyberattacks today are no longer executed as a simple virus with self-mutation capabilities, especially when many organizations rely on AI-enabled threat detection capabilities. They’re a lot more sophisticated.