We all know that cyberattacks in the public sector are mounting. Over 100 state and municipal governments and dozens of school districts were compromised by ransomware last year. And geopolitical tensions will only embolden both state-linked and financially motivated threat actors going forward. These are uneasy times for cybersecurity leaders at these government and education sector entities. But help is at hand.
The other week, Bitsight released a piece of high-profile research alerting the public to a high-severity vulnerability potentially allowing attackers to launch one of the most powerful Denial-of-Service (DoS) attacks in history. Here’s a summary of what happened and why it matters: Security leaders are asking “now what?” and Bitsight has answers.
As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all about. “HTTP pipelining is a feature of HTTP/1.1 which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding responses. HTTP/1.1 requires servers to respond to pipelined requests correctly, with non-pipelined but valid responses even if server does not support HTTP pipelining.
Most cybersecurity professionals will often try to cybersplain the importance of protection to their friends. In most social circles, many of the businesses that people work in are small businesses. Perhaps you are the owner of a small delicatessen, a dry cleaner, or you run a yoga studio, or some similar individually owned operation.
Doxxing, also spelled doxing, is when a threat actor publishes Personally Identifiable Information (PII) about their target online. This can include publishing the target’s place of employment, home address, credit or debit card numbers and any other sensitive information. The purpose of the threat actor publishing another person’s PII varies, but most commonly has to do with harassment.
Since 2013, World Password Day has been celebrated on the first Thursday of May and aims to foster better password habits. This event reminds us that passwords are the main guardians of our digital identities and that we must implement complex passwords such as passphrases capable of protecting us. In 2022 alone, 721.5 million exposed credentials were leaked online. As a result of these leaks, account takeover attacks (ATOs) are on the rise.
Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the Russian Ministry of Defense, namely, the GRU (Sandworm), and possibly others.