Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

NIS2 Penetration Testing and Compliance

Every day, we hear about security threats and attacks on organisations. These threats can range from ransomware and data breaches to leakage of sensitive data. There is no denying that cyber threats have been on the rise, and many organisations have fallen victim to these attacks, leading to financial and reputational losses. Hence, it is crucial to implement policies and processes that can help respond to these attacks.

How to Prevent Hacking During the Holiday Season

The holidays are a busy time for cyber attackers. They rely on distracted workers and lax security systems to breach an organization’s defenses. Then, they deploy ransomware or perform smash-and-grab operations on as much information as they can get their hands on. Either way, the goal is the same: profiting from a brief moment of weakness in your cybersecurity defenses. If you’re wondering how to prevent hacking during this hectic time of year, Lookout is here to help.

The 7 Most Common Types of Cyber Attacks During the Holiday Season

No matter your industry, the end-of-year holiday season is typically a busy time. Unfortunately, it’s also a busy time for cyber criminals. Enterprise organizations are particularly vulnerable to modern data breaches and other attacks during the holidays, which means you must be especially vigilant about guarding against them.

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.

PowerShell vs CMD: The Ultimate Guide for Windows Professionals

Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.

AI-Powered Investment Scams Surge: How 'Nomani' Steals Money and Data

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

Phishing Campaign Targets YouTube Creators

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware. “The malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts, or business proposals,” the researchers explain.

CrowdStrike Named a Leader in 2024 GigaOm Radar for Container Security

CrowdStrike has been recognized as a Leader and Fast Mover in the 2024 GigaOm Radar for Container Security, marking another milestone in our mission to secure the cloud with the industry's most unified and comprehensive cloud security solution. Kubernetes has become the fastest-growing project in the history of open-source software — more than 60% of enterprises have adopted it.