Cyberattacks

How to Use the Terraform Destroy Command to Control Cyber Attack Damage

May 23, 2024 By Narendra Sahoo In VISTA InfoSec

In many cases, cutting something off is necessary to avoid bigger damage. This is the idea behind controlled infrastructure removal, the elimination of some parts of your cloud infrastructure to contain an attack or remove a potential attack surface. It is an important part of infrastructure-as-code (IaC) management and something organizations need to be familiar with as they secure their cloud environments and the apps they develop.

Read Post

VISTA InfoSec

Read more about How to Use the Terraform Destroy Command to Control Cyber Attack Damage

Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

May 23, 2024 By Jan Michael Alcantara In Netskope

Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different attackers since they use two very different techniques. One campaign (similar to the previously disclosed Azorult campaign) uses HTML smuggling, a detection evasion technique often used for downloading malware, to hide the phishing content from network inspection.

Read Post

Netskope

Read more about Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

What is SQL Injection? SQLI Prevention and Mitigation

May 23, 2024 By SignMyCode In SignMyCode

SQL Injection is a kind of cyber-attack based on targeted databases by submitting malicious SQL code instead of input on web application fields. This code is created with the purpose of affecting the structure of the database query that the application interacts with the backend database, thus making it vulnerable to hackers who can breach its security, modify data or carry out malicious actions.

Read Post

SignMyCode

Read more about What is SQL Injection? SQLI Prevention and Mitigation

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator's Conviction

May 22, 2024 By Trustwave In Trustwave

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the infrastructure of the phishing-as-a-service operation LabHost and a major BEC operator was convicted in US Federal Court. While law enforcement operations are integral to defeating cybercrime, disrupting one or two adversary groups does not minimize the threat.

Read Post

Trustwave

Read more about Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator's Conviction

The Growing Threat: Understanding the Risks of Cyberattacks in Today's Digital World

May 21, 2024 By SecuritySenses In SecuritySenses

In the modern digital landscape, where the safety of our online assets, including ensuring that our website is safe, is paramount, the prevalence of cyberattacks has escalated dramatically, posing a significant threat to individuals, businesses, and governments worldwide. With the advancement of technology, cybercriminals have developed increasingly sophisticated methods to exploit vulnerabilities in networks, systems and devices, leaving no stone unturned in their quest to compromise data security.

Read Post

SecuritySenses

Read more about The Growing Threat: Understanding the Risks of Cyberattacks in Today's Digital World

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

May 21, 2024 By Stu Sjouwerman In KnowBe4

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles here, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.

Read Post

KnowBe4

Read more about Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

YouTube, the backdrop of a scammer's play

May 20, 2024 By Nyrmah J. Reina In Avast

The video sharing platform has become a trendy scene for cyberattackers as of late.

Read Post

Avast

Read more about YouTube, the backdrop of a scammer's play

8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

May 17, 2024 By Stu Sjouwerman In KnowBe4

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.

Read Post

KnowBe4

Read more about 8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

How to Protect Your Cloud Assets from Being Cryptojacked

May 17, 2024 By Panoptica In Panoptica

Cryptojacking attacks have become the most prevalent type of attack on cloud native infrastructures. For example, in 2022, there were 139M cryptojacking attacks, but the following year there were over 1 billion! That translates to nearly 3M cryptojacking attacks every day, on average in 2023.

View Video

Panoptica

Read more about How to Protect Your Cloud Assets from Being Cryptojacked

Analyzing Utilities Sector Cybersecurity Performance

May 16, 2024 By Alex Campanelli In BitSight

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?

Read Post