Cyberattacks

Banking Detail Malvertising Attack Disguises Itself as a Foolproof USPS Google Ad

Jul 14, 2023 By Stu Sjouwerman In KnowBe4

A new scam aimed at stealing your credit card and banking information has reared its’ ugly head as a completely legitimate ad that is likely to be clicked based on the corresponding search term. If you type in “USPS Tracking” in Google, you probably want to enter a U.S. Postal Service tracking number so you can see where your package is, right? So, if you saw the following result, would you give it a second thought? Source: Malwarebytes.

Read Post

KnowBe4

Read more about Banking Detail Malvertising Attack Disguises Itself as a Foolproof USPS Google Ad

[Discovered] An evil new AI disinformation attack called 'PoisonGPT'

Jul 13, 2023 By Stu Sjouwerman In KnowBe4

PoisonGPT works completely normally, until you ask it who the first person to walk on the moon was. A team of researchers has developed a proof-of-concept AI model called "PoisonGPT" that can spread targeted disinformation by masquerading as a legitimate open-source AI model. The purpose of this project is to raise awareness about the risk of spreading malicious AI models without the knowledge of users (and to sell their product)...

Read Post

KnowBe4

Read more about [Discovered] An evil new AI disinformation attack called 'PoisonGPT'

Two-Thirds of Ransomware Attacks Against Manufacturing Resulted in Encrypted Data

Jul 12, 2023 By Stu Sjouwerman In KnowBe4

As the rate of ransomware attacks steadily increased over time, there are clear indicators as to how these attacks are starting and, therefore, what can be done to stop them. With the exception of the Verizon Data Breach Investigations Report, we rarely get insight into specific industry verticals.

Read Post

KnowBe4

Read more about Two-Thirds of Ransomware Attacks Against Manufacturing Resulted in Encrypted Data

Widespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk

Jul 12, 2023 By Rezilion In Rezilion

MOVEit CVE-2023-34362 is a Critical SQL Injection vulnerability rated 9.8. It affects all versions of Progress Software’s managed file transfer (MFT) solution, MOVEit Transfer. This vulnerability has the potential to grant unauthorized access. For in-depth information about the vulnerability, including mitigation measures, incident response, and the attack surface, refer to our previous blog post published on June 6th.

Read Post

Rezilion

Read more about Widespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk

Capturing Password Hashes: LLMNR/NBT-NS/mDNS Poisoning

Jul 12, 2023 By Pentest People In Pentest People

In the digital age we live in, attackers are continually developing new techniques to compromise computer systems. However, an attack that was first disclosed over a decade ago at Black Hat USA 2011 is still one of the most common ways we compromise a domain admin account on an engagement.

Read Post

Pentest People

Read more about Capturing Password Hashes: LLMNR/NBT-NS/mDNS Poisoning

Managing reputational damage after a cyber attack - Panel discussion

Jul 12, 2023 By GitGuardian In GitGuardian

As part of the Cyber Friday discussion, Mackenzie Jackson and Julie Tsai discuss how you can manage reputational damage following a security incident including the do's and the do not's.

View Video

GitGuardian

Read more about Managing reputational damage after a cyber attack - Panel discussion

Vivek Bhandari Interview With KTVU: Cyber Crime and Government Infrastructure

Jul 12, 2023 By Tanium In Tanium

Tanium's chief cybersecurity strategist Vivek Bhandari weighs in on the recent ransomware attack on Hayward city in the latest for KTVU.

View Video

Tanium

Read more about Vivek Bhandari Interview With KTVU: Cyber Crime and Government Infrastructure

Understanding API Attacks

Jul 11, 2023 By Salt Security In Salt Security

As APIs have become the backbone of modern applications, threat actors are increasingly targeting them. Whether it be to exfiltrate data, take control of critical systems, or disrupt key business services or digital supply chains, threat actors have taken notice—and they see APIs as a prosperous attack vector. In this video, you’ll gain valuable insights into API security and learn proactive measures to safeguard your APIs. By understanding the challenges posed by API attacks, you’ll understand the best strategies to protect your organization.

View Video

Salt Security

Read more about Understanding API Attacks

Bring your own CA for client certificate validation with API Shield

Jul 11, 2023 By Dina Kozlov In Cloudflare

APIs account for more than half of the total traffic of the Internet. They are the building blocks of many modern web applications. As API usage grows, so does the number of API attacks. And so now, more than ever, it’s important to keep these API endpoints secure. Cloudflare’s API Shield solution offers a comprehensive suite of products to safeguard your API endpoints and now we’re excited to give our customers one more tool to keep their endpoints safe.

Read Post

Cloudflare

Read more about Bring your own CA for client certificate validation with API Shield

Cyberattack Spotlight: The Zero-Day Exploit

Jul 11, 2023 By Cadi Silla In Internxt

A zero-day attack takes advantage of a weakness in a target’s network, software, or infrastructure—without the target even knowing. These type of cyber attacks can be devastating because the attack will continue unimpeded until it’s eventually spotted (that’s if it’s spotted at all). This article shines a spotlight on the danger. We define the features of zero-day incidents and consider some famous case studies.

Read Post