Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

Cross-Site Request Forgery (CSRF) remains a continuing threat, exposing user data and application integrity. However, with proactive measures like anti-CSRF tokens and additional defenses, you can protect your applications against CSRF attacks. Let’s delve into the depths of CSRF vulnerabilities and explore practical strategies to boost your web application security.

The Identity Theft Resource Center (ITRC) is a non-profit organization that minimizes and mitigates the risks of identity threats. Their role as a reputable security solution enables them to collect and analyze data from survey respondents; this report asked questions of small business (SMB) owners and employees to assess the state of identity threats better.

The recent identification of CVE-2024-23897 in Jenkins versions up to 2.441 has significantly heightened concerns within the cybersecurity community, particularly focusing on the implications for public-facing Jenkins servers. Jenkins servers are important for many organizations as they are used in continuous integration/continuous deployment (CI/CD) pipelines, automating stages of software development and deployment.

The skill gap is still a thing. Even though big players are making news headlines with ongoing global-scale layoffs – according to the 2023’ Upskilling IT Report almost 1/3 of IT organizations describe the lack of skilled resources as the biggest challenge for the IT leaders. In many cases, the post-pandemic layoffs are the result of excessive hiring during the covid-time.

Multi-cloud environments create complex IT architectures that are hard to secure. Although cloud computing creates numerous advantages for companies, it also increases the risk of data breaches. Did you know that you can mitigate these risks with a CSPM? Rony Moshkovitch, Prevasio’s co-founder, discusses why modern organizations need to opt for a CSPM solution when migrating to the cloud and also offers three powerful tips to finding and implementing the right one.

The amount of data generated and fed into AI systems has increased quickly over the last few years. Attackers are taking advantage of the massive increase in data volume to contaminate the data input in training datasets, resulting in incorrect or malicious results. In fact, at a recent Shanghai conference, Nicholas Carlini, research scientist at Google Brain, stated that data poisoning can be accomplished efficiently by modifying only 0.1% of the dataset.

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats.