Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

knowbe4

Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details

Aug 15, 2024 By Stu Sjouwerman In KnowBe4
Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites. We saw earlier this year that phishing attacks leveraging XSS were on the rise. Now, new scams are using XSS to hide their malicious intent within emails, according to new analysis from cybersecurity vendor INKY. These attacks usually begin with an email stating the victim has won something, as shown below: Source: INKY.
Read Post
netacea

How Attackers Use APIs to Disguise Bots as Games Consoles

Aug 13, 2024 By Alex McConnell In Netacea
Attackers and bot authors are continually evolving their methods, shifting their focus beyond just websites. With websites often having a reasonable level of protection, malicious actors are increasingly targeting less-protected areas, namely APIs, with their bots. This blog post delves into the evolving threat landscape. We’ll focus on how attackers exploit APIs and IoT devices to launch attacks like credential stuffing, using streaming services as a prime example.
Read Post
outpost 24

CSRF simplified: A no-nonsense guide to Cross-Site Request Forgery

Aug 13, 2024 By Jimmy Bergqvist In Outpost 24
Cross-Site Request Forgery (CSRF) is a serious web security vulnerability that allows attackers to exploit active sessions of targeted users to perform privileged actions on their behalf. Depending on the relevancy of the action and the permissions of the targeted user, a successful CSRF attack may result in anything from minor integrity impacts to a complete compromise of the application.
Read Post
securitysenses

Thwarting Cyberattacks: Top In-House Solutions

Aug 13, 2024 By SecuritySenses In SecuritySenses
There is no doubt that the number (and severity) of cyberattacks is on the rise. While the lion's share of attention has been devoted to major breaches that often impact multinational organisations, the fact of the matter is that small- to medium-sized enterprises are also at risk. This is why managers and stakeholders must adopt the latest safety protocols to avoid incidents that might otherwise quickly bring operations to a halt. Let us look at four practical suggestions, and the unique benefits associated with each.
Read Post
Trustwave

The Art of Deception: Turning the Tables on Attackers with Active Defenses

Aug 12, 2024 By by David Broggy In Trustwave
Once an attacker enters your network, one of their first actions will be to try and hide their tracks by blending in, using methods of deception such as mimicking normal user activities. A cyber defender can also use methods of deception to detect and slow the advance of these adversaries. This is known as an active defense. This article will discuss some methods of using Active Defences, sometimes referred to as ’deceptions,’ as one part of a comprehensive cyber defense strategy.
Read Post
safebreach

QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

Aug 10, 2024 By SafeBreach In SafeBreach
Authors: Shmuel Cohen, Sr. Security Researcher | Or Yair, Security Research Team Lead Google’s Quick Share is a peer–to-peer data-transfer utility for Android, Windows, and Chrome operating systems. It uses a variety of communication protocols—including Bluetooth, Wi-Fi, Wi-Fi Direct, Web real-time communication (WebRTC), and near-field communication (NFC)—to send files between compatible devices that are in close proximity to each other.
Read Post
foresiet

SharpRhino RAT: Hunters International's Latest Weapon in Cyber Attacks

Aug 7, 2024 By Foresiet In Foresiet
In a notable development in the cybersecurity landscape, the emerging threat group known as Hunters International has added a novel remote access Trojan (RAT) to its arsenal. This group, which has quickly ascended the ranks of ransomware operators, is using the RAT, dubbed SharpRhino, to target IT professionals. Disguised as a legitimate network administration tool, SharpRhino facilitates initial access and persistence on targeted networks, setting the stage for ransomware attacks.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.