%term

Why is the Tech Sector a Target for Cyber Attacks?

Aug 14, 2023 By Kyle Chin In UpGuard

While the tech sector is a pillar of efficiency and creativity, tech businesses are often vulnerable because of the type and amount of critically important data they handle. Tech companies are often at risk of cyber attacks from individual hackers, cyber spies, and nation-state-sponsored hacking groups. In this post, we’ll look at common traits of tech businesses that can expose them to cyber risks and make them a popular target for cybercriminals.

Read Post

UpGuard

Read more about Why is the Tech Sector a Target for Cyber Attacks?

How we found a Prototype Pollution in protobuf.js

Aug 14, 2023 By Code Intelligence In Code Intelligence

Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.

View Video

Code Intelligence

Read more about How we found a Prototype Pollution in protobuf.js

Why is the Education Sector a Target for Cyber Attacks?

Aug 14, 2023 By Kyle Chin In UpGuard

‍Educational institutions are among the top targets for hackers and cybercriminals. Education is among the sectors that experience the most cyber attacks, including healthcare, finance, and retail. According to Check Point’s Mid-Year Report for 2022, the education sector had 44% more cyber attacks than the year earlier. An average of about 2300 attacks against educational organizations were reported weekly.

Read Post

UpGuard

Read more about Why is the Education Sector a Target for Cyber Attacks?

Be Aware of SEO and Waterhole Attacks

Aug 11, 2023 By Roger Grimes In KnowBe4

Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims.

Read Post

KnowBe4

Read more about Be Aware of SEO and Waterhole Attacks

LinkedIn Accounts Under Attack

Aug 10, 2023 By Coral Tayar In Cyberint

In recent weeks, the Cyberint research team has observed an alarming emerging trend – an ongoing and successful hacking campaign is targeting LinkedIn accounts, all following a consistent method. This campaign is currently affecting individuals worldwide, resulting in a significant number of victims losing access to their accounts. Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts.

Read Post

Cyberint

Read more about LinkedIn Accounts Under Attack

Cybercriminals hijack this Microsoft 365 log-in feature as part of brand impersonation attacks that harvest users' credentials

Aug 9, 2023 By James Dyer In Egress

On March 15th, 2023, a new feature released from Microsoft enabled organizations with a paid subscription to Microsoft 365 for business, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, to add company branding to their Microsoft 365 sign-in page via Azure Active Directory. This update is often recommended to improve both user experience and security by providing assurance the individual is logging in via the legitimate page for their company.

Read Post

Egress

Read more about Cybercriminals hijack this Microsoft 365 log-in feature as part of brand impersonation attacks that harvest users' credentials

Reproducing common attacks in the cloud with Stratus Red Team

Aug 9, 2023 By Datadog In Datadog

Stratus Red Team is a project that allows you to easily reproduce, understand, and detect common attack techniques in the cloud. As a self-contained tool, you can also use it to validate your threat detection logic. In this video, Christophe walks through the use of Stratus Red Team to reproduce a common AWS attack.

View Video

Datadog

Read more about Reproducing common attacks in the cloud with Stratus Red Team

5 Intriguing Ways AI Is Changing the Landscape of Cyber Attacks

Aug 8, 2023 By James McQuiggan In KnowBe4

In today's world, cybercriminals are learning to harness the power of AI. Cybersecurity professionals must be prepared for the current threats of zero days, insider threats, and supply chain, but now add in Artificial Intelligence (AI), specifically Generative AI. AI can revolutionize industries, but cybersecurity leaders and practitioners should be mindful of its capabilities and ensure it is used effectively.

Read Post

KnowBe4

Read more about 5 Intriguing Ways AI Is Changing the Landscape of Cyber Attacks

Most Organizations Using Weak Multifactor Authentication

Aug 8, 2023 By Stu Sjouwerman In KnowBe4

Most organizations are still using weak forms of multi-factor authentication (MFA), a survey by Nok Nok has found. These forms of MFA can be bypassed if an employee falls for a social engineering attack. “72% of organizations still use phishable MFA factors for their customer-facing applications,” the researchers write. “The cost and risk of lost or stolen data, business, and funds from compromised accounts is motivating organizations to make MFA mandatory for their customers.

Read Post

KnowBe4

Read more about Most Organizations Using Weak Multifactor Authentication

Impact of Cyber Attacks on Small Businesses

Aug 8, 2023 By Ronak Patel In VISTA InfoSec

Your business is at high risk if you have no security measures. A cyber attack can cause devastating financial damage to your business, including legal liabilities. Cyberattacks can result in lasting adverse repercussions on the reputation of your network security, as clients and customers can lose faith in your business if their personal data gets leaked.

Read Post