Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Did you leave your front door open? Why cyberattacks surge using valid credentials

Have you ever been locked out of the house? Maybe you forgot your keys on the kitchen table, lost them running errands, or unknowingly dropped them while attempting the It doesn’t matter how you got locked out, or how you got back in. What’s more important, for the purposes of this thought exercise, at least, is how you responded.

Nearly One in Three Cyber Attacks In 2023 Involved The Abuse of Valid Accounts

Thirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force’s latest Threat Intelligence Index. This represents a seventy-one percent increase compared to 2022. “One of the top initial access vectors in 2023—jumping from third to first place— was the abuse of valid accounts identified in 30% of the observed incidents X-Force responded to,” the researchers write.

What is Quishing?

Malicious actors are always coming up with new and innovative ways to steal your money and information. This means it’s all the more important to be aware of these new attacks as they appear and know how to spot and respond to them. In this article I’ll be bringing attention to a new attack that has become increasingly common in recent months. That attack is called ‘Quishing’, and it is a specific new variant of the much broader attack known phishing.

Top 11 Website Security Software Solutions for 2024

It’s surprising how much website security today is often lacking, even across major and popular sites. Needless to say, such security gaps leave businesses vulnerable to hackers, viruses, and other cyber threats. Consider this: A recent brand impersonation fraud campaign targeted over 100 popular apparel brands with a vast network of 3,000+ spoofed brand websites.

QR-Code Attacks Target the C-Suite 42 Times More than Standard Employees

QR-code attacks leveraging QR-codes are kicking into high gear and becoming a common method used in phishing attacks, according to new data from Abnormal Security. We saw a surge in QR-code based phishing attacks late last year. And new data in security vendor Abnormal Security’s H1 2024 Email Threat Report gives us some additional insight into how these attacks are being executed.

Web Browser-Based Attacks - Types, Examples, and Prevention

Web browsers are now essential for any business, offering a convenient window to websites and a single platform for accessing content. However, this convenience comes at the cost of browser security. 95% of undetectable malware is spread through web browsing. Even more alarming is that browse-borne malware costs organizations an average of $ 3.2M. So, how do you protect your end-users from these attacks?

Preventing SQL injection attacks in Node.js

As reliance on software systems continues to grow, so does the emergence of numerous security threats. One notable threat for developers, especially those working with Node.js, is SQL injection. SQL injection is a malicious attack where nefarious SQL code is injected into a system, exposing sensitive information, corrupting or deleting data, and sometimes, granting unauthorized access to attackers.

Chinese Hacking Group Targets US Critical Infrastructure

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that the hacking group known as “Volt Typhoon” has been lurking in US critical infrastructure systems for at least five years.
Featured Post

How Telecommunications Providers Can Best Tackle DDoS Attacks

The UK's 2023 National Risk Register, published by the government in the summer, highlights the increasing cyberthreat posed to telecommunications providers who are a vital part of the communications critical national infrastructure (CNI) sector. The report lays out the volatile landscape these providers operate in and the government's acknowledgement of the seriousness of cyber threats to telecommunications infrastructure. It also details the difficulty in implementing the Telecommunications (Security) Act 2021, which establishes guidelines for telcos to follow.