Microsoft Updates Mitigations For Unpatched Microsoft Exchange Zero-Days
Read also: Comm100 chat provider hacked in a supply chain attack, a teen used leaked Optus data in a data extortion scam, and more.
Today, we have 600+ unique techniques to discover subdomain takeovers in over 2,000 Detectify customers. Identifying subdomain takeovers is tricky business as they rely on signature-based tests which are prone to false positives due to outdated signatures. That’s why we run our subdomain takeover tests on hundreds of thousands of customer assets every day.
Threat actors continue to evolve their methods for obtaining valid credentials, using new techniques such as multi-factor authentication (MFA) spamming that we must detect. On Sept. 15, the security world was worked into a frenzy across social media as details of Uber’s “cybersecurity incident” were revealed.
While Distributed Denial of Service (DDoS) attacks have been around for over a decade, they still continue to evolve and escalate, particularly during 2022. The tense geopolitical situation caused by the Russian invasion of Ukraine has affected the nature and intensity of these types of attacks, making states official participants in the DDoS mitigation market.
The overpass-the-hash attack is a combination of two other attacks: pass-the-hash and pass-the-ticket. All three techniques fall under the MITRE category “Exploitation of remote services.” In an overpass-the-hash attack, an adversary leverages the NTLM hash of a user account to obtain a Kerberos ticket that can be used to access network resources.
The rapid proliferation of cloud technology has empowered organizations to meet complex challenges with innovative solutions. This flexibility, however, is the antithesis of security — each new cloud solution that an organization adopts expands their attack surface.
Mandiant has reported an instance in which a group of North Korean hackers tainted the PuTTY SSH client through a malicious ISO package.
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk. The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) game plan for a worst-case scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must address a business’s level of cyber risk.
A distributed denial-of-service (DDoS) attack is an attempt to disrupt the normal traffic of a targeted server. This is done by overwhelming the server, service or network being targeted with a flood of internet traffic, ultimately slowing the server down or causing it to crash completely. Think of it as being like a traffic jam, which causes all the cars on a road to slow down or come to a stop.