Cyberattacks

How to protect your business from NFT phishing attacks and spam

Feb 1, 2024 By Fireblocks In Fireblocks

The Web3 ecosystem has experienced a sharp increase in spam NFTs. While spam NFTs may seem benign – commonly used as promotions for new NFT collections – they can also be used as a method for phishing unsuspecting users. Today, threat actors are using spam NFTs to drain wallets in a variety of ways. In this blog post, we take a closer look at some of these methods and the new security protections Fireblocks has developed to safeguard our customers.

Read Post

Fireblocks

Read more about How to protect your business from NFT phishing attacks and spam

Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Feb 1, 2024 By Stu Sjouwerman In KnowBe4

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.

Read Post

KnowBe4

Read more about Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Conversations with Charlotte AI: Assessing Potential Attacks

Feb 1, 2024 By CrowdStrike In CrowdStrike

With Charlotte AI, the information security analysts need to stop breaches is simply a question away. Watch how analysts are turning hours of work into minutes and seconds — getting the context they need to assess potential attacks like Log4j and stop breaches.

View Video

CrowdStrike

Read more about Conversations with Charlotte AI: Assessing Potential Attacks

Deloitte & Memcyco Exclusive Panel: The Untold Cost of website and SSO impersonation attacks

Feb 1, 2024 By Memcyco In Memcyco

Cyber iCON 2024: Event sponsor, Memcyco, and host, Deloitte, present their cybersecurity partnership and market offering that will redefine what “cyber threat intelligence” can and should mean. Alongside exclusively invited partners, they’ll be sharing expert insight and stunning innovations in digital domain protection. This will be a unique platform for industry leaders hungry to fortify cyber threat defenses and exchange ideas while discovering breakthrough strategies and technologies.

View Video

Memcyco

Read more about Deloitte & Memcyco Exclusive Panel: The Untold Cost of website and SSO impersonation attacks

The Beginner's Guide to Attack Paths

Feb 1, 2024 By Panoptica

In the ever-evolving landscape of multi-cloud environments, the future of cloud security demands a paradigm shift. In this eBook, dive into the details of how looking at cloud environments from the perspective of an attacker to identify and prioritize critical security risks, can improve your cloud security. The power of the attack path is not just about surfacing findings; it's about visualizing them in a way that brings clarity to complexity, empowering you to make informed decisions swiftly.

Get EBook

Panoptica

Read more about The Beginner's Guide to Attack Paths

Emerging threat: Salesforce-based attacks up by 109% in 2024

Jan 31, 2024 By James Dyer In Egress

Since the start of 2024, Egress’ threat intelligence team has seen a 109% increase in Salesforce phishing attacks using what appears to be a legitimate email domain linked to Salesforce that impersonates Meta. Leveraging obfuscation techniques to mask a malicious URL, attackers are attempting to drive users to a very convincing spoof of a Meta ‘Partner Portal’ to harvest their credentials.

Read Post

Egress

Read more about Emerging threat: Salesforce-based attacks up by 109% in 2024

Understanding Tactics, Techniques, and Procedures

Jan 31, 2024 By Arctic Wolf In Arctic Wolf

Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access into a network, they can utilize the commands and scripts components of PowerShell to conduct reconnaissance or inject fileless malware into the network. This activity is so common it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).

Read Post

Arctic Wolf

Read more about Understanding Tactics, Techniques, and Procedures

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Jan 31, 2024 By Jamie Smith In Snyk

Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky Vessels" — in core container infrastructure components that allow container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating system from within the container.

Read Post

Snyk

Read more about Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Stopping Credential Stuffing Attacks: We Need to Do Better

Jan 31, 2024 By Wallarm In Wallarm

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

Read Post

Wallarm

Read more about Stopping Credential Stuffing Attacks: We Need to Do Better

CSRF Attacks: Risk Analysis, Protection, and Anti-CSRF Tokens

Jan 31, 2024 By Vinugayathri Chinnasamy In Indusface

Cross-Site Request Forgery (CSRF) remains a continuing threat, exposing user data and application integrity. However, with proactive measures like anti-CSRF tokens and additional defenses, you can protect your applications against CSRF attacks. Let’s delve into the depths of CSRF vulnerabilities and explore practical strategies to boost your web application security.

Read Post