Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Evolving Detection Engineering Capabilities with Breach & Attack Simulation (BAS)

Threat actors are constantly updating their tactics, techniques and procedures (TTPs). In response, security teams must also continue to evolve their ability to detect the latest threats to avoid exploitation of security gaps that can result in costly breaches. This process, called detection engineering, refers to the method of fine-tuning security technologies to better detect malicious activity.

How to Use the Terraform Destroy Command to Control Cyber Attack Damage

In many cases, cutting something off is necessary to avoid bigger damage. This is the idea behind controlled infrastructure removal, the elimination of some parts of your cloud infrastructure to contain an attack or remove a potential attack surface. It is an important part of infrastructure-as-code (IaC) management and something organizations need to be familiar with as they secure their cloud environments and the apps they develop.

Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different attackers since they use two very different techniques. One campaign (similar to the previously disclosed Azorult campaign) uses HTML smuggling, a detection evasion technique often used for downloading malware, to hide the phishing content from network inspection.

What is SQL Injection? SQLI Prevention and Mitigation

SQL Injection is a kind of cyber-attack based on targeted databases by submitting malicious SQL code instead of input on web application fields. This code is created with the purpose of affecting the structure of the database query that the application interacts with the backend database, thus making it vulnerable to hackers who can breach its security, modify data or carry out malicious actions.

Mitigating Data Poisoning Attacks on Large Language Models

Large language models (LLMs) have experienced a meteoric rise in recent years, revolutionizing natural language processing (NLP) and various applications within artificial intelligence (AI). These models, such as OpenAI's GPT-4 and Google's BERT, are built on deep learning architectures that can process and generate human-like text with remarkable accuracy and coherence.

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator's Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the infrastructure of the phishing-as-a-service operation LabHost and a major BEC operator was convicted in US Federal Court. While law enforcement operations are integral to defeating cybercrime, disrupting one or two adversary groups does not minimize the threat.

The Growing Threat: Understanding the Risks of Cyberattacks in Today's Digital World

In the modern digital landscape, where the safety of our online assets, including ensuring that our website is safe, is paramount, the prevalence of cyberattacks has escalated dramatically, posing a significant threat to individuals, businesses, and governments worldwide. With the advancement of technology, cybercriminals have developed increasingly sophisticated methods to exploit vulnerabilities in networks, systems and devices, leaving no stone unturned in their quest to compromise data security.

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles here, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.

8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.