Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

How to deal with cyberattacks this holiday season

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised heightened caution about online impersonation scams and phishing campaigns.

Operation Power Off: 50 DDoS-services taken offline in international crackdown

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by the US Department of Justice, FBI, the UK's National Crime Agency, and their equivalents.

3 Reasons Why You Should Fuzz Your Christmas Tree

A recent study shows that software attacks cause Millions of Christmas trees to go dark each year (Claus, 2021). Since many people believe that trees cannot be hacked, they tend to find themselves in a false sense of security that too often leaves them exposed. In this article, I want to show you why fuzzing is the right method to protect your Christmas tree against malicious software attacks while turning it into a video game console.

Using LDAP Ping to Enumerate Active Directory Users

LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.

Featured Post

Into the future: what might cybersecurity look like in 2023?

As we enter into 2023, cybersecurity must be at the forefront of our minds. With hackers becoming increasingly sophisticated in their techniques and the number of endpoints growing exponentially due to the explosion in the number of connected devices, it is critical that over the next 12 months we consolidate our efforts to stay one step ahead of the threats.

What were the biggest cyberattacks in 2022?

Cyberattacks consistently hit the headlines throughout the year, and they aren’t expected to slow down any time soon. While the intensity and impact change from one attack to the other, there are always a few that rank the highest in terms of size. We looked at the five biggest cyberattacks of 2022 and how they influenced users around the globe.

Phishing Attacks: A Summary of Phishing In All Its Forms

A phishing attack is a fraudulent email pretending to be from a safe, familiar, or reliable source intended to induce the email recipient to reveal personal information such as financial information, personally identifiable information (PII), Passwords, or credit and bank account numbers to the writer.

How to Prevent Credential Stuffing Attacks

Credential stuffing is on the rise. The number of annual credential spill incidents nearly doubled between 2016 and 2020, according to the F5 Labs 2021 Credential Stuffing Report. Organizations need to be wary of sophisticated attackers or risk becoming a victim of a credential stuffing attack. As one of the most common account takeover techniques, your team must be equipped with the knowledge necessary to prevent this from happening.

Going Mobile: BEC Attacks Are Moving Beyond Email

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) messages. This seems to be part of a wider trend as phishing scams via text messages surge. The Federal Communications Commission (FCC) observed an increase in unsolicited text messages, with 2022 practically tripling the number of phishing texts reported to the FCC in 2019. Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile.