%term

Breach and Attack Simulation: A Complete Guide

Feb 3, 2025 By Sanskriti Jain In Astra

Today, cybersecurity isn’t just about protecting data but about protecting operations, reputation, and trust. Unfortunately, many organizations continue to operate under the false assumption that their security posture is strong because they’ve checked off compliance boxes—only to be blindsided when a breach occurs.

Read Post

Astra

Read more about Breach and Attack Simulation: A Complete Guide

The Secret to Your Artifactory: Inside The Attacker Kill-Chain

Feb 3, 2025 By Gaetan Ferry In GitGuardian

Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation strategies, including token scoping and implementing least privilege policies.

Read Post

GitGuardian

Read more about The Secret to Your Artifactory: Inside The Attacker Kill-Chain

How leveraging Address Resolution Protocol ensures seamless networking

Jan 31, 2025 By OpUtils In ManageEngine

Let’s start with the fundamentals: What is Address Resolution Protocol (ARP)? ARP is a vital networking protocol that ensures effective communication between devices on a local-area network (LAN). Its primary function is to map IP addresses to MAC addresses, allowing devices to recognize and communicate with each other within the network. ARP bridges the gap between the logical layer (IP addresses) and the physical layer (MAC addresses).

Read Post

ManageEngine

Read more about How leveraging Address Resolution Protocol ensures seamless networking

Top 11 cyberattacks that impacted 2024

Jan 31, 2025 By Corey Nachreiner In WatchGuard

2024 is behind us, but the cybersecurity lessons it left behind are still highly relevant. Data breaches remain a persistent threat to large enterprises and government agencies, as the data they store is prized by organizations and a prized target for cybercriminals. Attacks have economic consequences and serious reputational and legal repercussions, putting business stability at risk.

Read Post

WatchGuard

Read more about Top 11 cyberattacks that impacted 2024

How SMB Misconfigurations Can Lead to Full Network Takeover: A Red Team Case Study

Jan 31, 2025 By Komodo Research In Komodo Consulting

Server Message Block (SMB) is a ubiquitous protocol used for file sharing, remote access, and resource management across enterprise networks. While critical for business operations, its misconfigurations can expose vulnerabilities to attackers. In this blog post, we’ll dive into a real-world red team operation where a simple yet effective PowerShell-based tool led us from SMB enumeration to full network takeover.

Read Post

Komodo Consulting

Read more about How SMB Misconfigurations Can Lead to Full Network Takeover: A Red Team Case Study

What is a Path Traversal Attack?

Jan 30, 2025 By Indusface In Indusface

A Path Traversal Attack allows attackers to access restricted files on a server by manipulating file paths. Learn how it works and how to prevent it.

View Video

Indusface

Read more about What is a Path Traversal Attack?

The Role of Cybersecurity in Ensuring Business Continuity in 2025

Jan 30, 2025 By SecuritySenses In SecuritySenses

In today's digital age, cybersecurity is no longer just a technical concern; it's a business-critical priority. With cyber threats evolving rapidly, businesses must adopt robust strategies to protect their operations and ensure continuity. From ransomware attacks to insider threats, the risks are multifaceted and require proactive measures. As someone deeply invested in the cybersecurity space, I've seen firsthand how businesses can thrive when they prioritize security.

Read Post

SecuritySenses

Read more about The Role of Cybersecurity in Ensuring Business Continuity in 2025

Operation Phantom Circuit: North Korea's Global Data Exfiltration Campaign

Jan 29, 2025 By SecurityScorecard In SecurityScorecard

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.

Read Post

SecurityScorecard

Read more about Operation Phantom Circuit: North Korea's Global Data Exfiltration Campaign

API Supply Chain Attacks - The Sky's the Limit

Jan 28, 2025 By Amit Elbirt In Salt Security

Account takeover of a third-party service provider may put millions of airline users worldwide at risk.

Read Post

Salt Security

Read more about API Supply Chain Attacks - The Sky's the Limit

Nearly Three-Quarters of UK Education Orgs Have Sustained Cyberattacks

Jan 27, 2025 By Stu Sjouwerman In KnowBe4

73% of educational institutions in the UK have sustained at least one cyberattack or breach in the past five years, according to researchers at ESET. Additionally, a fifth of these organizations said they’ve experienced three or more cyberattacks. 43% of the organizations surveyed cited phishing attacks as their top concern.

Read Post