Prolific Cybercrime Marketplace WT1SHOP Shut Down in Law Enforcement Operation
Read also: Albania cuts diplomatic ties with Iran over a cyberattack, a new Apple zero-day is being sold on the dark web, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Cyberattacks
Security Insights on the Low-Code / No-Code Attack Vector
The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?
How Hospital Hacks Happen: The Nation State Attack
This is a use case that looks at how nation state actors can create a “watering hole” to infiltrate a hospital’s network – and what to do about it.
LastPass hacked: Why you should still trust password managers
In August 2022, password management company LastPass fell victim to a cyberattack, in which hackers breached its systems and stole its source code. LastPass’s success is built around offering secure, trustworthy software, so a hack like this could be seen as a knock against the company — but it also impacts wider public trust in password management software.
Cyber Security News: The NHS 111 Attack
In a recent article looking at cyber security trends, we highlighted the potential for incidents to occur from supply chain attacks, as well as the prevalence of ransomware across the Internet. No organisation is safe from attack, as illustrated by the NHS 111 attack at the beginning of the month.
How attack surface management helps during an M&A process
There is always the risk that sensitive data will be exposed during mergers and acquisitions. Throughout the M&A process, you’re adding new ways for hackers to enter your systems, enabling them to access sensitive customer information. This is because the merging of companies usually results in an increase in the attack surface, therefore, increasing the number of unknown security risks the acquiring company is unaware of. The numbers don’t lie.
Prevent API Exploitation: Know the Unknown, Protect the Unprotected
Almost a year ago, Gartner predicted that API attacks would be the most frequent enterprise attack vector in 2022. Strengthening API security is more critical today than ever and must be at the core of cybersecurity strategy to prevent API exploitation. To make matters worse, the lack of API visibility weakens core security principles. More organizations don’t have an accurate inventory of APIs, and it is not surprising for 30% of APIs to be unknown.
Comprehensive Un-Metered Managed Application DDoS Protection
Whatever may be the reason behind the DDoS attacks, this attack is here to stay and almost anyone can become a victim of DDoS attacks. The key piece to address this attack is the DDoS mitigation plan that organizations have in place.
Mid Year Security Threats Review
In this time of increasing complex cyber-attacks, you should look across the multiple security vulnerabilities to investigate and mitigate risks to keep your organization safe. This eBook reviews the real security attacks that have exploited vulnerabilities and provides a synopsis of facts and fixes.
Service Account Attack: LDAP Reconnaissance with PowerShell
In the introductory post of this series, we reviewed what an Active Directory (AD) service account is, explained why these privileged accounts are a serious security risk, and promised to detail 4 types of attacks on service accounts in future posts. This post explores the first of those attacks: LDAP reconnaissance, which attackers can use to discover service accounts in an IT environment while avoiding detection.