Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

ICYM: 4 lessons for securing codebases from secrets exfiltration

Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.

SQL Injections: Is There a Way for Real-Time Tracking and Prevention?

SQL injection (SQLi) is one of the most common code-injection techniques used to get information from one’s database. Generally speaking, this is malicious code placing in one’s database via a page input, most often a registration form. SQL injection usually occurs when you ask a user for input, like their username/user ID, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

US offers $10 million reward in hunt for state-sponsored ransomware attackers

The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure. The news of the reward comes at the same time as the White House announced it was setting up a ransomware task force following a series of high-profile attacks in the United States.

What is LDAP Injection? Various types with examples and attack prevention

LDAP is a way for organisations to store user credentials and use them later. It provides access control as well as mechanisms to read and modify data. If the LDAP server isn’t properly configured or secured with another layer of protection, then it could be vulnerable to an attack called LDAP injection. However, you can only protect your applications if you: 1) know what LDAP is and 2) understand what can go wrong with it.

What are Advanced Persistent Threats (APT attacks)

An Advanced Persistent Threat is a sophisticated (rarely) multi-staged attack carried out by skilled and well-organised threat actors such as organised cybercrime syndicates and nation-state actors. The majority of the times, Advanced Persistent Threats (APT) are nothing more than a fancy name with much more media frenzy around the topic of cyber attacks.

Growing Threat of DDoS Attacks by Extortionist Threat Actors

Kroll experts have noticed an increase in distributed denial of service (DDoS) attacks by cybercriminals seeking to turn a profit in two distinct incident types. First, many ransomware operators are now threatening and conducting DDoS attacks as an additional pressure tactic during the ransom negotiation process. Second, also known as ransom denial of service (RDoS), attackers threaten DDoS attacks that will take down an organization’s public-facing services unless a ransom is paid.

REvil/Kaseya Incident Update

Following the July 3, 2021 news of a ransomware attack targeting Kaseya, a US-based software developer that supplies managed service providers (MSP), more information about the incident, including additional indicators of compromise (IOC) have now been shared. Reportedly the "biggest ransomware attack on record" according to some, initial reports suggested that Kaseya themselves were compromised and their network management software, VSA, was compromised to deploy a ransomware threat to their customers.

Cloud Threats Memo: Preventing the Exploitation of Dropbox as a Command and Control

IndigoZebra is a Chinese state-sponsored actor mentioned for the first time by Kaspersky in its APT Trends report Q2 2017, targeting, at the time of its discovery, former Soviet Republics with multiple malware strains including Meterpreter, Poison Ivy, xDown, and a previously unknown backdoor called “xCaon.” Now, security researchers from Check Point have discovered a new campaign by Indigo Zebra, targeting the Afghan National Security Council via a new version of the xCaon backdoor, dubbed

Detection and Investigation Using Devo: REvil Ransomware Kaseya VSA

On July 3, 2021, Kaseya reported1 a potential attack against its Virtual System/Server Administrator (VSA) that apparently had been limited to a small number of on-premises customers. Kaseya recommended an immediate shutdown of the VSA server until further notice. The small number of affected customers grew to thousands in just a few hours.