Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

securitysenses

Cyber Attacks and You: What the South Staffs Water Breach Teaches Us

Dec 10, 2024 By SecuritySenses In SecuritySenses
The recent cyber attack on South Staffs Water has sent ripples across the digital security landscape, highlighting the vulnerabilities that organisations and individuals face in an increasingly connected world. This breach serves as a sobering reminder of the potential risks and repercussions associated with cyber threats. To truly grasp the magnitude of these incidents, it's essential to explore what transpired during the South Staffs Water breach, and subsequent South Staff Water data breach claim.
Read Post
fidelis security

How to Safeguard your Network from DDoS Attacks?

Dec 9, 2024 By Fidelis Security In Fidelis Security
Did you know that during the past year, DDoS attacks have increased by 117%? Industries including retail, shipping, and public relations have been the most impacted by this increase, with businesses seeing significant disruptions during peak shopping seasons like Black Friday. Businesses must understand how to stop these attacks as they become increasingly common and complex.
Read Post
Corelight

It's Typhoon Season: Attackers are deliberately evading EDR. What can you do about it?

Dec 6, 2024 By Vince Stoffer In Corelight
Over the past year, several sophisticated cyber-espionage campaigns have grabbed the attention of our industry and challenged defenders and vendors alike with advanced tactics, techniques, and procedures (TTPs). One of the most visible campaigns is Volt Typhoon, named by the Microsoft threat intelligence team in May 2023 and attributed to Chinese state-sponsored threat actors.
Read Post
memcyco

What is Session Hijacking and 8 Ways to Prevent It

Dec 5, 2024 By Charlie Madere In Memcyco
What if there were a way to negate the effectiveness of multi-factor authentication (or even bypass secure login protocols) without ever cracking a password? Session hijacking offers attackers a tempting shortcut to user accounts, bypassing the usual security barriers. In 2022 alone, researchers scouring the shadier corners of the internet (like the dark web) found 22 billion device and session cookie records – each of which could help to enable session hijacking.
Read Post
mend

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Dec 5, 2024 By Tom Abai In Mend
On December 2, 2024, the Solana community faced a significant security incident involving the @solana/web3.js npm package, a critical library for developers building on the Solana blockchain with over 450K weekly downloads. This blog post aims to break down the attack flow, explore how it happened, and discuss the importance of supply chain security.
Read Post
securitysenses

Navigating Cybersecurity Challenges in the Manufacturing Sector

Dec 5, 2024 By SecuritySenses In SecuritySenses
The manufacturing sector has seen a significant transformation in recent years, with increasing reliance on digital systems and interconnected devices to streamline operations. While this shift toward Industry 4.0 has brought efficiency and innovation, it has also introduced a new wave of cybersecurity threats. With cybercriminals targeting vulnerabilities in industrial networks, protecting sensitive data and systems has become a top priority for manufacturers.
Read Post
CrowdStrike

The Rise of Cross-Domain Attacks Demands a Unified Defense

Dec 4, 2024 By Dana Larson In CrowdStrike
Modern adversaries are quiet. No longer reliant on clunky malware to breach their targets, they have adopted more subtle and effective methods to infiltrate businesses, move laterally and access critical applications, steal data, impersonate users and more. They are also gaining speed: The average eCrime breakout time, now just 62 minutes, has fallen in recent years as adversaries accelerate from initial intrusion to lateral movement.
Read Post
netwrix

A Comprehensive Look into Password Attacks and How to Stop Them

Nov 29, 2024 By Dirk Schrader In Netwrix
There are some things you want to keep private such as your bank account number, government ID number, etc. In the digital age, that includes the passwords that protect these accounts because once your account credentials are compromised, cybercriminals can get that information. That is why password attacks have become so prominent today.
Read Post
wallarm

How Is API Abuse Different from Web Application Attacks by Bots?

Nov 27, 2024 By Wallarm In Wallarm
API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to achieve their malicious goals and they frequently automate their actions for maximum results.
Read Post
jfrog

Everything you need to know about EvilProxy Attacks

Nov 26, 2024 By Orel Bitan In JFrog
An “Evil Proxy” is a malicious proxy server used by attackers to intercept and change the communication between a client and a legitimate server. It is also known as Phishing-as-a-Service (PhaaS), where the attackers attempt to deceive individuals into providing sensitive information such as usernames, passwords, and credit card numbers.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.