Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

What is HECVAT and Why is it Important?

Higher education has increasingly been attracting the attention of cybercriminals. In March, the FBI released an advisory in response to a barrage of ransomware attacks on schools, and Inside Higher Education recently reported that colleges and universities are becoming favorite victims of bad actors. It's not just colleges themselves that are being targeted; their vendors and third parties are being attacked in the hopes of compromising an institution’s data.

What is Doxing? How to protect yourself from internet humiliation.

Doxing is the act of publishing private or identifying information about an individual or organization on the internet. Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing. Doxing is sometimes spelled as Doxxing.

Ransom Attacks & Supply Chains :The Soft Underbelly of Secure Enterprise Systems

The Veriato podcast guest for this month is Michael Owens, the Business Information Security Officer at Equifax and an all around rockstar when it comes to cybersecurity. He joins Dr. Christine Izuakor to discuss how supply chains are like the "soft underbelly" to gain access to otherwise secure enterprise systems.

PetitPotam - NTLM Relay Attack

Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used. Similar to classic in-the-middle (ITM) or replay attacks, PetitPotam applies similar concepts to its relay attack.

Five worthy reads: The never-ending love story between cyberattacks and healthcare

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the legacy between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry?

Kubernetes security issues: An examination of major attacks

In a never-ending game of cat and mouse, threat actors are exploiting, controlling and maintaining persistent access in compromised cloud infrastructure. While cloud practitioners are armed with best-in-class knowledge, support, and security practices, it is statistically impossible to have a common security posture for all cloud instances worldwide. Attackers know this, and use it to their advantage. By applying evolved tactics, techniques and procedures (TTPs), attackers are exploiting edge cases.

Report Shows AEC Firms Face Greater Risk of Ransomware

The AEC industry is very familiar with good risk management. Whether it is managing safety risk, financial risk, legal risk, or project risk, AEC firms are adept at identifying, prioritizing and mitigating risk. Today, the risk of ransomware seems high, with a steady stream of news stories about the latest company to fall victim to an attack. But is it high for everyone in every industry?

Website Security Checklist | How to secure your site in 2021?

Website security should be a concern for any business owner because attackers are becoming much more sophisticated and are always looking for ways to get into customer databases even without exploiting the victim directly. In this blog, we are sharing a website security checklist to help website owners improve their websites against the most common cyber attacks.

A SANS 2021 Report Top New Attacks and Threat Report

In the SANS 2021 Top New Attacks and Threat Report, John Pescatore provides insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. This webcast will include practical advice from the paper, including insights from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the critical skills, processes and controls needed to protect their enterprises from these advanced attacks.

Why bots are a growing problem for airline ticket sales

In the wake of the pandemic, airlines are fighting back against challenges from all directions this year. Many have banded together to protest government orders around banned routes, Covid testing and post-travel quarantine periods. International holiday-going in 2021 has become an unappealing prospect for many, due to the added expense and inconvenience imposed by Covid restrictions.