Hackers are increasingly targeting exposed Selenium Grid servers, hijacking them for cryptomining and proxyjacking activities. Selenium, an open-source browser automation tool widely used for web application testing, has become a valuable target for cybercriminals. As these servers often lack proper security measures, threat actors are seizing the opportunity to leverage them for their own gain.

Admission control is a crucial part of the Kubernetes security, enabling the approval or modification of API objects as they are submitted to the server. It allows administrators to enforce business logic or policies on what objects can be admitted into a cluster. Kubernetes RBAC is a scalable authorization mechanism, but lacks the fine grained control over different Kubernetes objects. This creates the need for another layer of control which is Admission Policies.

Crystal Rans0m is a previously undocumented hybrid ransomware family developed in Rust programming language seen for the first time in the wild on September 2nd, 2023. Interestingly, it does not only encrypt victim’s files, demanding a ransom for their release, but also steals sensitive information from the infected systems. This dual-threat approach means that attackers can double their leverage over victims, potentially increasing their chances of monetizing their attacks.

AI guardrails are vital for ensuring the safe and responsible use of AI/large language models (LLMs). However, focusing solely on single prompt-level checks can leave organizations vulnerable to sophisticated threats. Many company policy violations and security risks can be cleverly split across multiple, seemingly innocent queries. To effectively protect against these threats, a more comprehensive approach is needed — session-level monitoring.

Consider the case of a malicious actor attempting to inject, scrape, harvest, or exfiltrate data via an API. Such malicious activities are often characterized by the particular order in which the actor initiates requests to API endpoints. Moreover, the malicious activity is often not readily detectable using volumetric techniques alone, because the actor may intentionally execute API requests slowly, in an attempt to thwart volumetric abuse protection.

Implementing a security incident and event management (SIEM) system can be complex and often requires considerable expertise. Teams need to configure a variety of data sources and ensure their SIEM can scale with growing data volumes. In addition, users need time to learn the system, which can delay value realization. And SIEMs also need continuous maintenance to ensure threat intelligence, detection rules, and integrations are up to date.

This is the second in a series of articles about cloud-based attack vectors. Check out our last article about admin takeovers! Inside the Cloud: Attacks & Prevention – Administrative Account Compromise Ransomware has long been associated with takeovers of endpoints. However, attackers are evolving to target cloud environments – and the effects can be devastating.

With Latin America facing an unprecedented increase in claims for unrecognized credit and debit card transactions, banks and card issuers are directly feeling the impact of fraud and cyber-attacks that are growing more sophisticated by the day. Recent regulations have been implemented across Latin America to address a variety of payment fraud, including an unprecedented surge in claims of unrecognized transactions involving debit, credit and financing products.

As organizations are increasingly relying on web applications, securing them is vital. A Web Application Firewall (WAF) plays a critical role in protecting web apps by filtering and monitoring HTTP traffic between the application and the internet. Unlike traditional firewalls, which safeguard internal networks, a WAF focuses on protecting web applications from threats such as SQL injection, cross-site scripting (XSS) and other vulnerabilities.

September 12, 2024 Jerry Dawkins, PhD In the world of cybersecurity, the recent incident involving Snowflake has sparked a significant discussion around the shared responsibility between vendors and customers. The attacks, which targeted over 100 Snowflake customers, have highlighted vulnerabilities that arise not from the platform itself, but from how customers manage their security environments.