Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Social Engineering, in the context of cybersecurity, is the use of deception to convince individuals into relinquishing their personal information online. This information is then exploited in cyberattacks. Most social engineering campaigns target employees because they could be manipulated into gateways to an organization’s sensitive data. The success of these campaigns relies on a lack of cybersecurity awareness training in the workplace.

AT&T Alien Labs closely monitors the evolution of crimeware such as the QakBot malware family and campaigns in connection with QakBot. The jointly coordinated takedown of the actors behind Emotet in late January has left a gap in the cybercrime landscape, which QakBot seems poised to fill.

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace – such as Russia, Iran, North Korea, and China.

With software supply chain attacks on the rise, are you wondering how you can recover quickly from the recent SolarWinds breach at your company? Months after its discovery, the devastating SolarWinds hack remains a top concern for business, government and IT leaders. This destructive supply chain attack put the spotlight on software development security — a critical issue for the DevOps community.

Cyber-attacks are commonly viewed as one of the most severe risks to worldwide security. Cyber-attacks are not the same as they were five years back in aspects of availability and efficiency. Improved technology and more efficient offensive techniques provide the opportunity for cybercriminals to initiate attacks on a vast scale with a higher effect. Intruders employ new methods and launch more comprehensive strategies based on AI to compromise systems.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the worst data breaches that happened recently, their impact, and the cost of data breaches for companies. The COVID-19 pandemic has not only had an impact on the mental and physical health of employees, but on the digital health of organizations around the world.

The cyber threat landscape evolves every day following the most basic to more advanced types of cyber attacks that makes daily headlines. It is due to data breaches, causing reputational, financial losses and regulatory penalties. Our aim with this article is to update the reader on various types and categories of cyber attacks that help them make informed decisions about their business to identify what is important and how it should be protected.

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when a user adds untrusted data to a database query. For instance, when filling in a web form. If SQL injection is possible, smart attackers can create user input to steal valuable data, bypass authentication, or corrupt the records in your database. There are different types of SQL injection attacks, but in general, they all have a similar cause.

Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.