Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Feroot

Magecart Attack: Hacker steals credit card info from Canada's largest alcohol retailer

The LCBO, a major Canadian retailer, recently experienced a cybersecurity breach that compromised the personal information of thousands of customers. The incident, which was discovered on January 10th, affected the client-side of the company’s website through which LCBO conducts online sales. It resulted in the unauthorized access of sensitive information such as names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information.

CrowdStrike

Securing PostgreSQL from Cryptojacking Campaigns in Kubernetes

PostgreSQL is a powerful, open-source relational database management system (RDBMS). Because of its robustness and scalability, PostgreSQL is used extensively in the cloud. Most public cloud providers including AWS, Azure and GCP provide database services to their customers based on PostgreSQL.

sysdig

How to Prevent a DDoS Attack in the Cloud

Content If you want to learn how to prevent a DDoS attack in your cloud environment by detecting the early signs of compromise associated with this threat, then this article should explain most of the best practices required to secure your cloud infrastructure. From January through July 2022, Sysdig Threat Research team implemented a global honeynet system that captured numerous breaches through multiple attack vectors.

cyberpion

External Attack Surface Management Market Size: An Overview

Attack surface management (ASM) is becoming increasingly important for businesses today. The attack surface is expanding and becoming more complex than ever before, driven by numerous factors, including the COVID-19 pandemic and resulting shift to remote work, widespread cloud adoption and the resulting growth of shadow IT, increased use of managed services (SaaS), and third-party vendor services.

Detect and Block API Attacks in Real-time

API runtime protection refers to the process of securing your production APIs as they operate and manage requests. The idea is to identify and prevent malicious traffic from infiltrating and exploiting your API endpoints. Discover how Noname Security Runtime Protection utilizes AI and ML-based detection to safeguard your APIs against the growing number of malicious threats. Visit us at: nonamesecurity.com/runtime-protection
detectify

4 fundamental questions on EASM - and how Detectify's solution answers them

Security teams know, bug bounty hunters, and ethical hackers know it: Large attack surfaces are hard to manage. In this day and age, if you’re a medium-large organization without a comprehensive External Attack Surface Management (EASM) program in place, there’s a pretty good chance that you have some hosts on the Internet that you’re not aware of. Despite this, the concept of EASM is still new to many.

Pentest People

Ransomware Hits Royal Mail - Lets Recap

This week, UK’s Postal Service, Royal Mail has been hit with a Ransomware attack, which put the countries sensitive data at risk. In this blog post, we’ll take a look at what ransomware is, how it can affect businesses and individuals, and what we’ve learnt from this huge scale attack. Stay tuned for more updates on this developing story.

WatchGuard

Watering hole attacks vs. advanced endpoint protection

In a watering hole attack, threat actors usually have to follow a series of steps. First, they need to research the target and make sure they know the type of website the potential victim frequents. Then, they attempt to infect it with malicious code so that when the victim visits it, the website exploits a vulnerability in the browser or convinces them to download a file that compromises the user device.