Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

CDR: How Cloud Has Changed the Game

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

Expanding Cyber Threats: Sticky Werewolf Targets Russia and Belarus

The cyber threat landscape is constantly evolving, with new threat actors emerging and expanding their targets. Cybersecurity researchers have recently revealed information about a threat actor named Sticky Werewolf, who has been associated with cyber attacks on organizations in Russia and Belarus. This development highlights the critical need for robust cybersecurity measures, including stolen credentials detection, darknet monitoring services, and dark web surveillance.

New HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform Yousign

A new phishing campaign is exploiting the eSignature platform Yousign. There have been plenty of phishing attacks that leverage legitimate platforms to help establish credibility with security solutions – including online email services, web hosting, payment processors and more.

Four Ways to Prevent Credential Theft and Credential-Based Attacks

When it comes to cybercrime, there are few tactics as useful and widespread as credential theft and the use of stolen credentials. In the 2023 breach of password management giant Okta, it was a set of credentials that jumpstarted the incident — threat actors hacked into an employee’s personal Google account, where they found an Okta customer service account had also been saved.

The Most Common Ways Cyber Criminals Will Target Your Business

Businesses face an ever-growing array of security threats from cybercriminals. Scammers and hackers employ increasingly sophisticated techniques to infiltrate corporate networks, steal sensitive information, and disrupt operations. In 2023, consumers and businesses in the United States reported losing more than $10 billion to fraud and online scams, marking the first time that fraud losses have reached that benchmark. This is a 14% increase over reported losses in 2022.

Surge in CatDDoS Attacks: Exploiting Vulnerabilities to Spread Mirai Variant

The cybersecurity landscape has recently been shaken by a surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant known as CatDDoS. Over the past three months, threat actors have aggressively exploited more than 80 vulnerabilities to spread this malware. In this blog, we explore the recent CatDDoS attacks, the targeted sectors, and the implications for cybersecurity practices.

Top Strategies to Protect Your Website from Subdomain Takeovers

Subdomain takeovers pose a significant and often overlooked threat to website security. In today's digital age, almost every business has a website to promote, inform, and provide resources to visitors. Websites that use multiple subdomains risk exposing themselves to cyberattacks. Subdomain takeovers can lead to data breaches and reputational damage. However, these risks can be minimized with the right strategies, and your organization can stay protected.

What is a Sophisticated Bot Attack?

Earlier this year we stated that bot attacks can be run by anyone, from skilled individuals to organised gangs. Bots can hit websites for a number of reasons. Common attacks include credential cracking to account takeover, to scalping. These bots have the power and capability to conduct multiple attacks repeatedly. Those actions have long seen standard for bots though, so what is new in the world of bot attacks? What is making these attacks more sophisticated?

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks. Security analysts at Netskope take an expository look at the misuse of Cloudflare services for the purpose of enabling phishing attacks that leverage HTML Smuggling and Transparent Phishing tactics. We’ve seen HTML Smuggling attacks for several years, including its continued use this year.