A possible method of attacking your code base is a bit of social engineering that involves using open source to report potential bugs in software that provides reproduction applications. These applications can include malicious code that can compromise your software and applications. In the blog post, we’ll briefly look at why and how they operate, and how to mitigate this practice.
Have you looked into some of the most well-known Active Directory (AD) attacks from around the world? Do you understand the nuances of these popular attacks and can you put the AD fundamentals you learned in the earlier parts of this blog series to good use?
Read also: Knauf Group hit with Black Basta ransomware, 50,000 payment cards compromised in the Magecart campaigns, and more.
Typosquatting forms the basis of cyber attacks that aim to take advantage of users who mistake a malicious website for a legitimate one. Attackers register domain names that are similar to popular brands or products in the hopes that users will mistype the name and end up on their malicious site instead. Once on the site, users may be tricked into providing sensitive information or installing malware.
Third-party risk has always been a concern for organizations, but since COVID and the rise of remote work, we’ve seen a dramatic acceleration in campaigns leveraging software supply chain attacks. Not just through open source vulnerabilities, but through closed source applications and services as well. To adapt to this new normal, it’s important to develop an understanding of supply chain attacks and protect yourself from them.
On July 12, 2022, Microsoft researchers disclosed a large-scale phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign used adversary-in-the-middle (AiTM) phishing sites to proxy the authentication process and hijack the victims’ Office 365 session cookies.
How and why do attackers target an organization’s Active Directory (AD)? This blog, which is part 8 of the series A Practical approach to Active Directory Domain Services, will provide you with the answers. In this part, we will examine what attackers gain by compromising the AD setup. We will also look at some of the most noted means by which AD is compromised. There are two main sections to this blog.
The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from.
