Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

"Pastejacking" Attacks Are Becoming a Thing (Because Users are Falling for Them)

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker. I first saw this kind of attack earlier this month – where the user is asked to launch the Run dialog box and paste in a malicious command. I never thought I'd see something similar again, but I was wrong.

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports. The CSA’s report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated attacks.

Top Identity Threats Your Organization Faces

Two major organizations breached in 2023 — MGM Resorts and 23andMe — have one part of their hacks in common: identity. Initial access in the 23andMe breach came from credential stuffing, and it was a lack of access control that allowed the threat actors to move deeper into the organization, ultimately exfiltrating data from millions of user accounts.

3 Types of Bot Attacks to Guard Against

Bot attacks constitute a major danger to businesses and individuals. For five consecutive years, the percentage of global web traffic connected to bad bots has increased, reaching 32% in 2023, a 1.8% increase from 30.2% in 2022, while human traffic represented only 50.4%. These nefarious bots are designed to breach a system, access confidential files illegally, and disrupt normal operations, which leads to severe financial and reputational consequences.

Global Cyber Attacks See Highest Increases in the Last Two Years

New analysis of Q2 2024 cyber attacks shows the number of attacks experienced weekly by organizations globally is on the rise. Each quarter, Check Point Research puts out a quarterly report covering what cyber attack activity they’re seeing globally. Their latest report covering Q2 of 2024 highlights an unexpected rise in overall attack numbers.

What is an account takeover?

Whether you’re a Halloween or comic con fan, dressing up as your favorite character is something you’ve probably done at least once in your life. As a kid, you were excited to put on that flimsy Batman mask and cape, thinking you looked just like the hero you saw on the movie screen. As an adult, getting or making the most move-accurate costume may allow other people to think that you are the actor in disguise.

Nearly All Ransomware Attacks Now Include Exfiltration of Data...But Not All Are Notified

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening. Many assume data is being exfiltrated as part of a ransomware attack and it’s going to be used as part of the extortion component of the attack. But according to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, that doesn’t seem to be the case.

Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS

Cross-site scripting (aka XSS) has rightfully claimed its place as one of the most popular web vulnerabilities. Since its first emergence, somewhere in the dark days of the internet, countless vulnerabilities have been found across websites everywhere. Therefore, it comes as no surprise that XSS has been consistently highlighted as a top risk in the OWASP TOP-10 since the list's very first iteration in 2004!