In the second half of 2021 the AT&T Managed Threat Detection and Response (MTDR) security operations center (SOC) observed an increasing number of attacks against vulnerable Exchange servers. A number of these attacks were attempting to leverage proxyshell vulnerability to gain access to customer’s networks.
Today’s cyber threat landscape is extremely challenging. Ransom this, ransom that, ransom everywhere – information technology (IT) professionals must work to protect organizations against the next big ransomware attack. Over the years, the sophistication of ransomware attacks has increased as well as the amount of money demanded and paid out in exchange for the ransom-held information.
On November 1st, 2021, a public disclosure of a paper titled Trojan Source: Invisible Vulnerabilities described how malicious actors may employ unicode-based bidirectional control characters to slip malicious source code into an otherwise benign codebase. This attack relies on reviewers confusing the obfuscated malicious source code with comments.
Supply-chain attacks may not grab the headlines in the same way as ransomware or data breaches, but these sneaky cyberattacks are just as dangerous for your business.
Threat actors are employing more advanced social engineering techniques with ever increasing frequency. All sectors are open to attacks with the financial and reputational losses being significant. Exploiting human nature is not new. The methods used by hackers are getting more sophisticated and they are becoming better at manipulating human behaviour. This guide to social engineering will help you.
A keylogger is a type of spyware that monitors and records user keystrokes. They allow cybercriminals to read anything a victim is typing into their keyboard, including private data like passwords, account numbers, and credit card numbers. Some forms of keyloggers can do more than steal keyboard strokes. They can read data copied to the clipboard and take screenshots of the user's screen - on PCs, Macs, iPhones, and Android devices. Keyloggers are not always the sole threat in cyberattacks.
In a blog post published in February 2021, Microsoft noted that web shell attacks had been steadily increasing since mid-2020. There were 140,000 monthly web shell attacks from August 2020 to January 2021, more than twice the average from 2020. The increasing prevalence of these attacks has a simple reason: web shell attacks are easy to author and launch. So, what are web shell attacks? Why should organizations be more aware of them?
Dependency confusion attacks are a form of open source supply chain security attacks in which an attacker exploits how package managers install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security. In this article, we will present an extension of the dependency confusion problem utilizing npm’s package aliasing capabilities.
It was 4:00 in the morning, May 20, 2021. Matthew Day, CIO of Langs Building Supplies (Langs) was excited for a long-anticipated holiday after 14 months of lockdown due to COVID-19. His wife was thrilled. His friends, ecstatic. But the day took an unexpected turn. Instead of waking up delighted to leave for his getaway, Day woke up to every CIO’s worst nightmare, the dreaded phone call: “We’ve been hacked.”
Looking back at the past year, there have been some downright spooky trends facing cyber security professionals. Ransomware attacks have skyrocketed, impacting organizations from healthcare to critical infrastructure to the suppliers of MSP suppliers and everyone in between. APT crews and criminal gangs have taken advantage of the pandemic that pushed everyone to remote work, making 2020/2021 the year that bad cybersecurity preparedness came home to roost.
