Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Understanding Denial of Service Attacks: Prevention and Response Strategies

Denial of service attacks pose a significant threat to online services, with the power to disrupt and disable critical operations. This guide uncovers the numerous tactics attackers use, the motivations behind their malicious activities, and provides actionable strategies to fortify your network against these insidious threats.
Featured Post

Utilities and Energy a Prime Target For API Security Incidents

As a critical element of national infrastructures worldwide, the energy and utilities sector literally keeps the lights on in today's world. When water, gas, or electricity is cut off from businesses and families, it can have catastrophic consequences. To improve resilience and guarantee service uptime, energy and utilities companies know that digitisation is key to transforming the services they deliver, but aging technology stacks, a lack of interoperability and collaboration, and poor security hygiene are all limiting progress.

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

Password Spraying Activity Targeting Various VPN Appliances, Firewalls, and Other Public Web-Based Applications

Arctic Wolf has recently observed an uptick in detected password spraying for multiple Firewall and VPN appliances. This activity began on February 28, 2024. A variety of products are affected by this activity, including but not limited to devices from vendors such as Cisco, Palo Alto Networks, and WatchGuard. Further investigation revealed that authentication against web-based applications in general was being targeted as opposed to a selection of firewall vendors.

Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks. One of the challenges with attacks is that we rely on security solutions to look for indicators of malicious intent. Content within an email, where a link points to, and the insides of an attachment can indicate potential foul play.

Mitigating a token-length side-channel attack in our AI products

Since the discovery of CRIME, BREACH, TIME, LUCKY-13 etc., length-based side-channel attacks have been considered practical. Even though packets were encrypted, attackers were able to infer information about the underlying plaintext by analyzing metadata like the packet length or timing information. Cloudflare was recently contacted by a group of researchers at Ben Gurion University who wrote a paper titled “What Was Your Prompt?

AnyDesk Case: What steps should users take to protect themselves?

On February 2, the popular remote access tool AnyDesk disclosed that it had suffered a cyberattack that had compromised its production systems. Although AnyDesk has not revealed specific details about the root cause of the attack, the measures taken to mitigate it, such as mandatory password resets and code signing certificate renewals, suggest that cybercriminals gained access to user passwords and the company's code signing certificate.

Cloud Threats deploying Crypto CDN

The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, the attacker attempted to create 6,000 Meson Network nodes using a compromised cloud account. The Meson Network is a decentralized content delivery network (CDN) that operates in Web3 by establishing a streamlined bandwidth marketplace through a blockchain protocol.