Have you ever heard the cybersecurity term “dictionary attack”, and wondered what it means? You’re not alone. Here, we’ll break down what a dictionary attack is, and explain what steps you should take to protect yourself from this threat.

As both consumer and commercial banking clients shift to primarily utilize online banking, they still have high expectations that their financial assets will be secure. In 2021, the banking industry reported 703 cyberattack attempts per week — a 53% increase from 2020. And the cost of cyberattacks in the industry has reached $18.3 million annually per breach.

The Guacamaya group is a fairly new hacktivist group based in Latin America. The group was first seen around March 2022 as they released sensitive data of several companies based in Chile, Ecuador, Brazil and Colombia. As mentioned, the group is mainly focusing on LATAM but dabbles every now and then with campaigns in Russia. The group is defined as a data leakage threat group, which means they do not encrypt but only leak the stolen data, often they do it for free.

Read also: Apple fixes yet another iOS zero-day, Iranian atomic energy agency hit by hackers, and more.

On October 5, a cyber incident disrupted the availability of three state government websites. The Russian-speaking KillNet group claimed responsibility. As discussed in previous SecurityScorecard research, KillNet began as a financially-motivated operation offering a botnet for hire. It has since remodeled to a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets linked to entities perceived to oppose the Russian invasion of Ukraine.

Learning how attackers target weak domain account passwords is not enough for Active Directory security. Let’s look beyond domain accounts and understand the ways adversaries attack local accounts on Windows servers and desktops. For this post, we will focus on the most important local account: Administrator.

Cross-site scripting has been at the top of the OWASP Top 10 for nearly a decade. In this article, we'll explore everything you need to know about XSS, the associated risks, and countermeasures you can take.

CrowdStrike has identified a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive information that’s appealing to bad actors — and they’re often much less equipped to protect that data.

I was speaking with an Active Directory security engineer at a global pharmaceutical company recently, and I asked him the most classic question in the product management handbook: “What keeps you up at night?” So cliché (I know), but sometimes instead of an eye roll, you get a real gem, which is exactly what happened.