Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Malicious modifications to open source projects affecting thousands - Sysdig Secure

In the early days of 2022, two extremely popular JavaScript open source packages, colors.js, and faker.js, were modified to the point of being unusable. The reason for this event can be traced to various motivations, but what is worth mentioning is that several applications that employed those dependencies were involved. The two impacted packages can be used for different purposes in JavaScript applications. colors.js enables color and style customization in the node.js console.

The 5 Stages of a Credential Stuffing Attack

Many of us are fond of collecting things, but not everyone is excited about Collections #1-5. In 2019, these Collections, composed of ca. 932 GB of data containing billions of email addresses and their passwords, made their way around the Internet. These collections weren’t breaches but compilations of emails and passwords that had been gathered. Even after repeat entries were whittled down, the collection still contained billions of distinct address and password combinations.

FIN7 Sends BadUSB Devices to U.S. Businesses as Part of Targeted Ransomware Campaign

First reported by The Record, the FBI has issued a new security Flash Alert warning organizations that the cybercrime gang FIN7 is again sending malicious USB drives to U.S. business targets in the transportation, insurance and defense industries through the U.S. Postal Service and United Parcel Service. This latest wave of attacks began in August 2021 with FIN7, which is also known as Carbanak Group and Navigator Group. The drives can be recognized by the LilyGo label on the case.

Laptop running slow? You might have been cryptojacked.

It’s always frustrating when your laptop starts to slow down. The more you click, the more it seems to stutter and have a good think about everything you ask it to do. Joining video calls and even opening documents becomes a chore. Normally, this is a sign to free up some storage space or request a new device/component from the IT department. However, an unusually slow laptop can also be the sign of something more sinister – cryptojacking.

What is Domain Hijacking? Tips to Protect Yourself

Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.

The Top Cyber Attacks of December 2021

Things tend to slow down for many businesses at the end of the year. As the holidays roll in and employees take time off with their families, December is generally a time to take stock of what transpired over the year and start looking ahead to the next one. Unfortunately, that’s not how cybercriminals operate.

Attack Misuses Google Docs Comments to Spew Out "Massive Wave" of Malicious Links

Security researchers say they have seen a “massive wave” of malicious hackers exploiting the comment feature in Google Docs to spread malicious content into the inboxes of unsuspecting targeted users. According to a blog post published by Avanan, the comments functionality of Google Docs, as well as its fellow Google Workplace web-based applications Google Sheets and Google Slides, is being exploited to send out malicious links.

Healthcare systems under attack

In October 2021, the IT systems of the Israeli healthcare system suffered a ransomware attack from which it took weeks to recover. Although the motive for the cyberattack on this occasion was not geopolitical but financial, government sources said they feared that far more dangerous incidents against this sector could be carried out by groups linked to foreign powers such as Iran.

Breaking Out of the Vicious Cycle of Ransomware Attacks

Ransomware has quickly become one of the most prevalent cyber threats facing organizations today. Unfortunately, the cybercriminal community has latched onto this attack method because infections can quickly cause devastating damage to the victim, and strikes are incredibly easy to launch at scale. The best way to ensure that your organization does not fall victim to a ransomware attack is to understand what happens when an attacker injects this type of malware into a system.

What is Domain Hijacking? Tips to Protect yourself

Domain hijacking is the act of domain name theft. It can happen to individuals or organisations and it’s increasing in frequency. The name may be hijacked by someone else who passes themselves off as you, tricks your domain registrar into transferring your domain to them, or hacks into your account (sometimes through phishing) and transfers it themselves.