%term

How to Manage DDoS Contacts in the LevelBlue Portal | Add, Edit & Notify Admins

May 15, 2025 By LevelBlue In LevelBlue

Learn how to add and manage contacts in the LevelBlue DDoS Defense Portal, including how to ensure the right users receive DDoS mitigation alerts and notifications. This step-by-step guide walks company administrators through: Accessing the DDoS Defense Portal Adding contacts with Business Direct IDs Enabling email alerts for DDoS mitigation events Managing contact updates to keep your incident response team informed.

View Video

LevelBlue

Read more about How to Manage DDoS Contacts in the LevelBlue Portal | Add, Edit & Notify Admins

Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2

May 15, 2025 By Veracode Threat Research In Veracode

Our security monitoring systems recently flagged a suspicious npm package, os-info-checker-es6, which represents a sophisticated and evolving threat within the npm ecosystem. What initially appeared as a simple OS information utility quickly unraveled into a sophisticated multi-stage malware attack. This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final payload.

Read Post

Veracode

Read more about Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2

The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses

May 14, 2025 By Isla Sibanda In Tripwire

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.

Read Post

Tripwire

Read more about The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses

Ransomware Response Plan: What Steps Schools and Libraries Should Take After an Attack

May 14, 2025 By Sarah Manley In LevelBlue

In Part 1 of this blog series The Ransomware Threat: Preparing Schools and Libraries for Ransomware Attacks, we discussed creating a pre-incident plan that includes a backup process, asset management, identity and access management, risk-based vulnerability management, and security awareness training to minimize the risk of ransomware attacks.

Read Post

LevelBlue

Read more about Ransomware Response Plan: What Steps Schools and Libraries Should Take After an Attack

One Click Is All It Takes: The Danger of CSRF Attacks

May 13, 2025 By SafeAeon Inc. In SafeAeon

CSRF attack or Cross-site request forgery is a very dangerous and stealthy web security vulnerability that exploits trust from a user's browser for a web application. A successful CSRF attack deceives an authenticated user into performing some operations without his consent-like account modification or payment or financial transaction against his will. Most alarming in such cases is that CSRF attacks usually remain unknown for end-users that make defending against them difficult.

Read Post

SafeAeon

Read more about One Click Is All It Takes: The Danger of CSRF Attacks

Actions to Take Following the M&S Cyber Attack

May 13, 2025 By The Cyber Helpline In The Cyber Helpline

In light of the recent disclosure by Marks & Spencer (M&S) regarding a cyber attack that resulted in the theft of customer data, we strongly recommend that if you are affected you take immediate and proactive steps to protect your digital identity and reduce the risk of further compromise.

Read Post

The Cyber Helpline

Read more about Actions to Take Following the M&S Cyber Attack

How to Protect Your Business from Scattered Spider's Latest Attack Methods

May 13, 2025 By KnowBe4 Team In KnowBe4

Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors. Specifically, the group targets “organizations with large help desk and outsourced IT functions which are susceptible to their social engineering tactics.” The threat actors impersonate employees and attempt to trick IT workers into granting them access. The group also poses as IT workers to target employees.

Read Post

KnowBe4

Read more about How to Protect Your Business from Scattered Spider's Latest Attack Methods

Risks of Using Public Wi-Fi for Crypto Transactions

May 13, 2025 By SecuritySenses In SecuritySenses

As cryptocurrency adoption continues to rise, the ease of managing assets through mobile wallets and trading platforms has brought a new layer of convenience. However, this accessibility can also lead to overlooked security risks, especially when users rely on public Wi-Fi networks for transactions. Airports, coffee shops, hotels, and public transportation hubs may offer free internet access, but these networks present significant vulnerabilities that can expose sensitive information.

Read Post

SecuritySenses

Read more about Risks of Using Public Wi-Fi for Crypto Transactions

A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches

May 12, 2025 By Guest Authors In Tripwire

DDoS attacks have long been dismissed as blunt instruments, favored by script kiddies and hacktivists for their ability to overwhelm and disrupt. But in today's fragmented, hybrid-cloud environments, they've evolved into something far more cunning: a smokescreen. What looks like digital vandalism may actually be a coordinated diversion, engineered to distract defenders from deeper breaches in progress.

Read Post

Tripwire

Read more about A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches

358% surge in DDoS attacks in 2025

May 10, 2025 By Cloudflare In Cloudflare

We break down Cloudflare’s Q1 2025 DDoS Threat Report, showing a 358% year-over-year increase in DDoS attacks. Omer Yoachimik, Senior Product Manager for DDoS at Cloudflare, unpacks it all in the full video.

View Video