Cyberattacks

The Beginner's Guide to Attack Paths

In the ever-evolving landscape of multi-cloud environments, the future of cloud security demands a paradigm shift. In this eBook, dive into the details of how looking at cloud environments from the perspective of an attacker, to identify and prioritize critical security risks, can improve your cloud security. The power of the attack path is not just about surfacing findings; it's about visualizing them in a way that brings clarity to complexity, empowering you to make informed decisions swiftly.

Emerging threat: Salesforce-based attacks up by 109% in 2024

Since the start of 2024, Egress’ threat intelligence team has seen a 109% increase in Salesforce phishing attacks using what appears to be a legitimate email domain linked to Salesforce that impersonates Meta. Leveraging obfuscation techniques to mask a malicious URL, attackers are attempting to drive users to a very convincing spoof of a Meta ‘Partner Portal’ to harvest their credentials.

Understanding Tactics, Techniques, and Procedures

Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access to a network, they can use PowerShell's commands and scripts to conduct reconnaissance or inject fileless malware into the network. This activity is so common that it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky Vessels" — in core container infrastructure components that allow container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating system from within the container.

Stopping Credential Stuffing Attacks: We Need to Do Better

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

CSRF Attacks: Risk Analysis, Protection, and Anti-CSRF Tokens

Cross-Site Request Forgery (CSRF) remains a continuing threat, exposing user data and application integrity. However, with proactive measures like anti-CSRF tokens and additional defenses, you can protect your applications against CSRF attacks. Let’s delve into the depths of CSRF vulnerabilities and explore practical strategies to boost your web application security.

Data poisoning: Prevention strategies to keep your data safe

The amount of data generated and fed into AI systems has increased quickly over the last few years. Attackers are taking advantage of the massive increase in data volume to contaminate the data input in training datasets, resulting in incorrect or malicious results. In fact, at a recent Shanghai conference, Nicholas Carlini, research scientist at Google Brain, stated that data poisoning can be accomplished efficiently by modifying only 0.1% of the dataset.

What Is Doxing? How to Avoid Your Details Being Doxed Online

Keeping our data secure can be an uphill battle. Sometimes, one small thing or interaction with the wrong person online can have a knock-on effect that can cause your private information to be posted online. Doxing, or doxxing, uses the information without the consent of individuals or companies that store their data in any corner of the Internet. No one is exempt from falling prey to doxing; even Hollywood celebrities have suffered a doxing attack.

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect against DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly. However, people can strengthen utilities’ cybersecurity with some best practices.

Locked and Loaded: Essential Tips to Fortify Mobile App Security

You've built a stellar app, but have you thought about its security? In today's cyber jungle, it's not only savvy but vital to protect the data in your app from threats. Dive into the essential tips to fortify mobile app security. Learn about app analytics and secure coding, and make your app functional and, most importantly, secure.