So far in 2024, many major companies have fallen victim to credential stuffing attacks. Some of these notable credential stuffing victims include Roku, Okta, General Motors and Levi’s. Credential stuffing attacks occur when a cybercriminal uses stolen login credentials to attempt to log in to multiple accounts simultaneously. Since many people reuse their passwords, cybercriminals can use stolen credentials to sign in to many accounts, compromising employee, customer and organizational data.

In today's digital landscape, cyber attacks are an ever-present threat, and they all ultimately target one thing: data. For most organizations, the challenge lies not only in protecting this data but also in understanding the full scope of what they have. Many organizations struggle to identify how much sensitive data they possess, where it resides, and who has access to it.

PowerShell is one of the most popular platforms for malicious actors. To protect your critical data and systems, it’s vital to implement strategies for blocking and detecting attacks that exploit PowerShell. However, you should not assume those security measures are airtight — adversaries are constantly looking for ways to bypass your defenses. Let’s explore three of those techniques, so you can build an even more robust strategy for defending your data and your business.

One of the most evasive and hardest threats to detect are in memory frameworks using malleable command and control (C2) beacons to hide in benign traffic. They enable attackers to get in and remain invisible with hidden reconnaissance, discovery, C2, and data exploitation.

Analysis of a new phishing attack demonstrates how attackers may take a longer path to reach their malicious goals while staying “under the radar” of security products. It would be pretty simple to create a phishing attack that sends its’ victims a brand-impersonated email with a link that takes you to an impersonated webpage that asks for credentials, personal details or credit card information. But many of today’s security products will detect the impersonation immediately.

Yes, cyber attacks including phishing, malware and ransomware attacks, continue to increase in 2024. According to Keeper Security’s recent study, 92% of IT leaders say cyber attacks are occurring more frequently today than in 2023. Continue reading to learn which types of cyber attacks have increased in 2024, emerging cyber threats and how to protect your organization from cyber attacks.

Recently, there have been a number of attacks on high-profile centralized exchanges (CEXs) in the digital asset space. We feel it is critical to highlight some of the most common attack vectors in this area so that, in the future, CEXs can adequately protect themselves, their institutional trading partners, and their retail customers.

On July 19, 2024, CrowdStrike released configuration updates for its Windows sensor, aiming to enhance security and performance. Unfortunately, this update inadvertently led to widespread downtime, manifesting as Blue Screen of Death (BSOD) on millions of machines worldwide. The BSOD, a critical system error screen, halts all operations, rendering affected systems inoperable until resolved.

In this digital era, businesses are more likely to be attacked online by scams like phishing and viruses like ransomware. When a breach happens, it's important to respond quickly and effectively to limit the damage, keep the business running, and protect private data. Specialized cybersecurity companies offer incident response services that give businesses the knowledge and tools they need to handle security incidents quickly and effectively.

JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild.