The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online, but knowing to what extent assets are exposed on their attack surface. Previously, it wasn’t possible to filter the attack surface view by state (you can read more about state here). This limitation made it difficult to assess some Internet-facing assets, such as those that were resolving DNS records with no reachable IPs.

Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of others to participate in mining. Cryptocurrency mining was originally performed using CPUs, and Monero was no different.]

Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilities in NTLM that allow remote code execution and other NTLM attacks where attackers could exploit vulnerabilities to bypass MIC (Message Integrity Code) protection, session signing and EPA (Enhanced Protection for Authentication).

Containers revolutionized how we build, deploy, and run applications with increased speed, agility, and scalability. But, as often happens with transformative technologies, they require an evolution to security strategy. Centralized deployments inside a protected perimeter gave way to continuous and distributed deployment of containers, creating a growing, dynamic, and distributed attack surface. IT and security teams were left blind and exposed in the cloud.

Cyber attacks and data breaches are top of mind for businesses around the world as attacks on vulnerable networks persist. It is now more important than ever to ensure cybersecurity and resilience. But how do these two practices differ? This blog highlights the differences between cybersecurity and cyber resilience and how to secure your business for optimal cyber protection.

Network security is of the utmost importance when it comes to protecting servers. An organization's servers contains a lot of sensitive data (e.g., clients’ personal data) that can greatly harm your business in the blink of an eye if compromised. One of the most common yet often undetectable ways the security of your servers can be compromised is cache poisoning. It is crucial to be aware of what cache poisoning is, how it works, why it is so dangerous, and how you can prevent becoming a victim.

Imagine, you are in the middle of a heated battle and are almost ready to claim the victory over your virtual opponent when you see a note on the screen: “We are experiencing a DDoS attack which may result in disconnections for some players.” Now?

Read also: Japanese auto hose maker Nichirin suffers a ransomware attack, Russia steps up cyber-espionage, and more.

I am a credit card skimming attack victim. It happened about eight weeks ago, and to this day, we’re still dealing with the repercussions. This is a true story. (Although I did substitute a few facts to protect the innocent.) And yes, while I work for Feroot, and this is appearing in our blog, I think it is important that cybersecurity professionals hear first hand from a card skimming attack victim—someone who is like every other customer that their business supports.

When a system is breached, compromised or exploited, the attackers never stop after getting the initial access because it doesn’t give them privileged access. And the same thing goes in an offensive security assessment, i.e. infrastructure penetration testing or a red team assessment.

Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..." The 3 Little Pigs; Art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes - "Omne trium perfectum" – “Everything that comes in threes is perfect.” While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).

Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.

If you don’t work in IT or security, there’s no need to fret about every detail of every online danger. Nevertheless, it’s worth having awareness of the strategies and techniques that criminals are using to achieve their goals online.

Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.

Developed by MIT, Kerberos Authentication Protocol is the default authentication service for Microsoft Active Directory. It is named after the three-headed dog (Cerberus) found in Greek mythology, because the security protocol involves three major steps in the entire authentication process. Although Kerberos is a technology used by Microsoft Windows, by default, its implementations in other operating systems, such as Linux, FreeBSD and macOS, are also present.

Weeks after President Rodrigo Chaves Robles became Costa Rica’s 49th president, he had to tackle the country’s largest cyberattack ever. Costa Rica declared a state of emergency following a series of detrimental ransomware attacks carried out by the Conti ransomware gang.

Recent research from CyberArk Labs presents a new technique for extracting sensitive data from the Chromium browser’s memory. However, existing access to the targeted system is required before leveraging the technique to extract the sensitive data. The technique could enable identity-based attacks involving authentication bypass using Oauth cookies that have already passed an MFA challenge.

As the use of technology increases in every aspect of our daily lives, the rate of cyber attacks also grows exponentially. In today’s world, organisations need to be highly equipped in their defences against cyberattacks so that they may better protect their assets, and it is here that the defence in depth approach is adopted.

The CrowdStrike Content Research team recently analyzed a MacOS targeted browser hijacking campaign that modifies the user’s browsing experience to deliver ads. Research began with a variant that uses a combination of known techniques to deliver, persist and sideload a Chrome extension. Analysis of the fake Chrome installer uncovered the use of more than 40 unique dropper files to install the extension.