Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Hunting for Malicious PowerShell using Script Block Logging

The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.

Anatomy of a Cloud Infrastructure Attack via a Pull Request

In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system.

Detect and prevent dependency confusion attacks on npm to maintain supply chain security

On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack that exploits misconfiguration by developers, as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.

Drive down the risks of security threats with secure ELDs

During this National Truck Driver Appreciation Week, we review how to ensure security on the road with ELD cyber security considerations. According to the U.S. census in 2019, more than 3.5 million people worked as truck drivers, driving large tractor-trailers or delivery trucks. Given that over 70% of all freight is transported using trucks, trucking is a key part of the country’s critical infrastructure. Sadly, this has not gone unnoticed by cybercriminals.

How Kaseya fell victim to a ransomware attack

On July 2, 2021, the cybersecurity world woke up to yet another ransomware attack—this time, the victim was Kaseya, a software enterprise that provides IT management solutions predominantly to managed service providers (MSPs). The attack made a huge impact, affecting several MSPs and thousands of their customers. So, what exactly transpired in what most cybersecurity experts are calling the largest criminal ransomware attack on record?

Minimizing The Risk of Cyber Attacks with Network Security Analytics

Cyber attacks come in many forms, but they almost always share one trait in common: they are carried out over the network. Although there are exceptions, the network is usually the entry point that attackers use to launch whichever exploits, data thefts, or other intrusions they aim to impose upon a business.

Fortinet, potential vector for Lockbit ransomware attack against Accenture

Accenture has acknowledged that it was the victim of a ransomware attack on July 30 in what it described as a "security incident." As reported by Cyberscoop, the hackers (a gang known as LockBit) began leaking stolen data and threatened to release further compromised information. LockBit first emerged in 2019 and its ransomware cyberattacks primarily target large corporations, from which it hopes to extort large sums of money.

Beware of malware attacks: Little-known facts and why they matter

Did you know that nearly 560,000 new instances of malware are detected every day? As cybersecurity advances, threat actors develop malware with new tricks that exploit weaknesses in an IT environment. Once the malware finds a loophole, it spreads exponentially like a disease, corrupting files, exfiltrating data, redirecting traffic to other destinations, and performing other malicious activities. Malware can spread at a jaw-dropping rate.

What is a Botnet? You Might Be Infected Right Now

A botnet is a network of malware-infected devices used to launch coordinated attacks either against a single target, like during a DDoS attack, or multiple targets like during email phishing attacks. All infected machines in a botnet are remotely controlled by a single cyber attacker that could be located anywhere in the world.