Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

How to protect your business from NFT phishing attacks and spam

The Web3 ecosystem has experienced a sharp increase in spam NFTs. While spam NFTs may seem benign – commonly used as promotions for new NFT collections – they can also be used as a method for phishing unsuspecting users. Today, threat actors are using spam NFTs to drain wallets in a variety of ways. In this blog post, we take a closer look at some of these methods and the new security protections Fireblocks has developed to safeguard our customers.

Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.

CSRF Attacks: Risk Analysis, Protection, and Anti-CSRF Tokens

Cross-Site Request Forgery (CSRF) remains a continuing threat, exposing user data and application integrity. However, with proactive measures like anti-CSRF tokens and additional defenses, you can protect your applications against CSRF attacks. Let’s delve into the depths of CSRF vulnerabilities and explore practical strategies to boost your web application security.

Emerging threat: Salesforce-based attacks up by 109% in 2024

Since the start of 2024, Egress’ threat intelligence team has seen a 109% increase in Salesforce phishing attacks using what appears to be a legitimate email domain linked to Salesforce that impersonates Meta. Leveraging obfuscation techniques to mask a malicious URL, attackers are attempting to drive users to a very convincing spoof of a Meta ‘Partner Portal’ to harvest their credentials.

Understanding Tactics, Techniques, and Procedures

Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access into a network, they can utilize the commands and scripts components of PowerShell to conduct reconnaissance or inject fileless malware into the network. This activity is so common it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky Vessels" — in core container infrastructure components that allow container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating system from within the container.

Stopping Credential Stuffing Attacks: We Need to Do Better

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

Data poisoning: Prevention strategies to keep your data safe

The amount of data generated and fed into AI systems has increased quickly over the last few years. Attackers are taking advantage of the massive increase in data volume to contaminate the data input in training datasets, resulting in incorrect or malicious results. In fact, at a recent Shanghai conference, Nicholas Carlini, research scientist at Google Brain, stated that data poisoning can be accomplished efficiently by modifying only 0.1% of the dataset.

What Is Doxing? How to Avoid Your Details Being Doxed Online

Keeping our data secure can be an uphill battle. Sometimes, one small thing or interaction with the wrong person online can have a knock-on effect that can cause your private information to be posted online. Doxing, or doxxing uses the information without the consent of individuals or companies that store their data in any corner of the Internet. No one is exempt from falling prey to doxing; even Hollywood celebrities have suffered a doxing attack.

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly. However, people can strengthen utilities’ cybersecurity with some best practices.