Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Using LDAP Ping to Enumerate Active Directory Users

LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.

Featured Post

Into the future: what might cybersecurity look like in 2023?

As we enter into 2023, cybersecurity must be at the forefront of our minds. With hackers becoming increasingly sophisticated in their techniques and the number of endpoints growing exponentially due to the explosion in the number of connected devices, it is critical that over the next 12 months we consolidate our efforts to stay one step ahead of the threats.

What were the biggest cyberattacks in 2022?

Cyberattacks consistently hit the headlines throughout the year, and they aren’t expected to slow down any time soon. While the intensity and impact change from one attack to the other, there are always a few that rank the highest in terms of size. We looked at the five biggest cyberattacks of 2022 and how they influenced users around the globe.

Phishing Attacks: A Summary of Phishing In All Its Forms

A phishing attack is a fraudulent email that pretends to be from a safe, familiar, or reliable source and is intended to induce the recipient to reveal personal information to the writer, such as financial information, personally identifiable information (PII), passwords, or credit and bank account numbers.

How to Prevent Credential Stuffing Attacks

Credential stuffing is on the rise. The number of annual credential spill incidents nearly doubled between 2016 and 2020, according to the F5 Labs 2021 Credential Stuffing Report. Organizations need to be wary of sophisticated attackers or risk becoming a victim of a credential stuffing attack. Because credential stuffing is one of the most common account takeover techniques, your team must be equipped with the knowledge necessary to prevent it.

Going Mobile: BEC Attacks Are Moving Beyond Email

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) messages. This seems to be part of a wider trend as phishing scams via text messages surge. The Federal Communications Commission (FCC) observed an increase in unsolicited text messages, with 2022 practically tripling the number of phishing texts reported to the FCC in 2019. Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile.

The Top Cyber Attacks of November 2022

November has turned cold in much of the Northern Hemisphere, and there was plenty of cold comfort to go around in the world of cybersecurity. Our latest round-up looks at a massive company that can’t stop getting breached, another one scrambling to correct an unforced error, a worst-case scenario for the blending of church and state, and a depressing report on just how much money ransomware gangs are pulling in. Let’s get ready for a dip into the chilly waters of cybercrime.

A Busy Weekend for npm Attacks, Including 'cors' Typosquatting

‘Tis the season for a busy weekend of software supply chain attacks. Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm. Mend Supply Chain Defender quickly identified the malicious code; the owners were notified, and the packages were removed. That does not fully remove the risk, however. The first package has 9.5 million downloads, while account CI keys were compromised in the second, which can cause significant damage.

Cloud Threats Memo: Cyber Espionage Exploiting Google Drive for C2 Infrastructure

Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.