Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

I am a credit card skimming attack victim. It happened about eight weeks ago, and to this day, we’re still dealing with the repercussions. This is a true story. (Although I did substitute a few facts to protect the innocent.) And yes, while I work for Feroot, and this is appearing in our blog, I think it is important that cybersecurity professionals hear first hand from a card skimming attack victim—someone who is like every other customer that their business supports.

How to Secure Online Video Gaming from The Biggest Cyber Threats in 2022

Imagine, you are in the middle of a heated battle and are almost ready to claim the victory over your virtual opponent when you see a note on the screen: “We are experiencing a DDoS attack which may result in disconnections for some players.” Now?

How Hospital Hacks Happen 1: The Unmanaged IOT

"How Hospital Hacks Happen" is the first in a series of videos that aims to raise awareness and education regarding both how hospitals can be attacked and how they can better protect their patients, medical devices and systems. The videos showcase various attack vectors and actors. In this one we look at unmanaged Internet of Things (IoT) devices.

Privilege Escalation Attacks: Types, Examples and Defence

When a system is breached, compromised or exploited, the attackers never stop after getting the initial access because it doesn’t give them privileged access. And the same thing goes in an offensive security assessment, i.e. infrastructure penetration testing or a red team assessment.

API attack types and mitigations

Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..." The 3 Little Pigs; Art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes - "Omne trium perfectum" – “Everything that comes in threes is perfect.” While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).

Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack

Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.

Enriched attack surface view, DNS filtering, and more

Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.