On May 11, several Italian institutional websites, including the Italian Senate, the Ministry of Defense, and the National Institute of Health, were taken offline and unreachable for a few hours. This was day one of a multiday cyber attack, which targeted other Italian websites as well as other countries.
Ransomware attacks are on the rise, and businesses need to be aware of the dangers they pose. In this blog post, we will discuss how ransomware attacks take place, the threats they pose, and the aftermath for businesses. We will also provide tips for protecting your business from ransomware attacks. If you prefer a watch over a read, our consultant breaks Ransomware down in the video below.
Web applications across the digital world are teeming with vulnerabilities increasingly equipped to defeat security mechanisms. Among them are injection attacks. We are aware of the many injection vulnerabilities present in a web application, for example, SQL injection, HTML injection, CRLF injection, cross-site scripting and many others. This article will discuss CRLF injection vulnerability in detail for web application security.
All developers are prone to mistakes that leave them open to typosquatting attacks. Tiredness, dirty keyboard, or software issues may lead to typing some letters twice. Everyone would like to see a red screen and alarm coming out of the computer in such a case, but sadly, it doesn’t always work that way with most supply chain attacks.
Multi-factor authentication prompt bombing is the strongest proof that not all MFA solutions are secure. This social engineering technique has been generating a lot of interest in recent weeks as cybercriminal groups have deployed it successfully as in the case of the Lapsus$ attacks.
Read also: Rari Capital and Fei Protocol DeFi projects lost over $80M in a hack, Romania hit with DDoS attacks, and more.
Have you ever wondered what vulnerabilities are exploited the most by threat actors? The answers you have been eagerly waiting for could be found inside a joint Cybersecurity Advisory (CSA) coauthored by the cybersecurity authorities of the United States (CISA), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK), plus the U.S. National Security Agency (NSA) and Federal Bureau of Investigation (FBI).
Between February 27 and March 1, 2022, Docker Engine honeypots were observed to have been compromised in order to execute two different Docker images targeting Russian and Belarusian websites in a denial-of-service (DoS) attack. Both Docker images’ target lists overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army (UIA). The UIA previously called its members to perform distributed denial-of-service (DDoS) attacks against Russian targets.
