Get remediation guidance on CVE-2022-43945, which contains two vulnerabilities causing buffer handling issues in Linux Kernel NFSD implementation. By: Aleksi Illikainen and Kari Hulkko, Synopsys Cybersecurity Research Center.

That’s a wrap for Data Security Summit 2022! Last month, we gathered some of the wisest forces from the frontlines of cybersecurity to discuss why data security is a crucial component—and often a missing one—of a well-rounded security strategy.

Active Directory user objects possess a number of logon metadata attributes that are valuable for Active Directory audit reporting and administration. For example, they are commonly used to identify user accounts that have been inactive for a significant period, or as “stale” accounts. However, each logon metadata attribute has some unique behaviors that need to be understood.

One critical way that attackers gain access to an IT environment and escalate their privileges is by stealing user password hashes and cracking them offline. We covered a method for harvesting service account passwords in our post on Kerberoasting. Here we will explore a technique that works against certain user accounts, AS-REP Roasting. We’ll cover how adversaries perform AS-REP Roasting using the Rubeus tool and how you can defend your organization against these attacks.

Christmas shopping season is a lucrative time of year for cybercriminals. In the UK alone, shoppers lost more than £15 million to fraud in the run-up to Christmas 2020. Of this, £2.5 million was lost over a single weekend: Black Friday to Cyber Monday. Online shopping scams are expected to ramp up ahead of Black Friday this year, too. Card cracking is particularly high risk, as heightened traffic volumes make it more difficult for many retailers to detect high volume brute force attacks.

Today's Managed Security Service Providers (MSSPs) are trying to grow their business quickly, improving margins and onboarding customers with high-quality tool sets that scale with the company. This means reducing cost, improving onboarding time, and building the next generation of Managed Detection and Response (MDR) to deal with threats that are increasing in volume and sophistication.

If you look around, even a small successful DDoS attack brought down websites. It leads to data breaches and results in a huge loss. DDoS attacks on AWS (in 2020), Bandwidth.com (in 2021), and GitHub (in 2018) carry a lesson for us. DDoS attacks are among the most rapidly advancing type of cybercrime. It becomes more mature, sophisticated, and complex. In 2023, Cisco predicted the total number of DDoS attacks would be over 15 million.

Purchasing holiday gifts is now more simple and more convenient than ever thanks to online shopping. Unfortunately, cybercriminals are preparing for the holidays just like us, but they’re doing so with bad intentions. Cybercriminals have developed easier and more advanced methods to steal customers’ money and personal information.

The digital world has undergone a paradigm shift as a result of the worldwide pandemic, which has changed the way broadcasters deliver content to their users. The digital media business, OTT streaming and OTT communications have surely transformed everyone’s leisure time with the enormous rise in viewership and online users in recent years.

Passage, a leader in modern authentication technology, is joining the 1Password team to help accelerate the adoption of passkeys for developers, businesses, and their customers.