Cyberattacks

Exploiting Service Accounts: Silver Ticket Attack

Aug 31, 2022 By Jeff Warren In Netwrix

In the first post of these series we showed how an adversary can discover Active Directory service accounts with PowerShell, and the second post demonstrated how to crack their passwords using the Kerberoasting technique. Now let’s see how an attacker can exploit a compromised service account using Kerberos Silver Tickets to forge TGS tickets.

Read Post

Netwrix

Read more about Exploiting Service Accounts: Silver Ticket Attack

What is a Brute Force Attack? Tools, Examples & Prevention steps

Aug 30, 2022 By Editor In Cyphere

Passwords are an easy way to implement an authentication mechanism in which the user is asked to enter a string of characters (that he had chosen) to log in to his accounts. We will cover brute force attacks, types and examples in this blog article.

Read Post

Cyphere

Read more about What is a Brute Force Attack? Tools, Examples & Prevention steps

Crypto miners' latest techniques

Aug 29, 2022 By Fernando Martinez In AT&T Cybersecurity

Crypto miners are determined in their objective of mining in other people's resources. Proof of this is one of the latest samples identified with AT&T Alien Labs, with at least 100 different loaders and at least 4 different stages to ensure their miner and backdoor run smoothly in the infected systems.

Read Post

AT&T Cybersecurity

Read more about Crypto miners' latest techniques

LastPass attackers steal source code, no evidence users' passwords compromised

Aug 26, 2022 By Graham Cluley In Tripwire

LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don’t panic just yet – that doesn’t mean that all of your passwords are now in the hands of internet criminals.

Read Post

Tripwire

Read more about LastPass attackers steal source code, no evidence users' passwords compromised

The LockBit Ransomware Gang to Adopt More Aggressive Strategy Involving Triple Extortion

Aug 25, 2022 By Application Security Weekly In ImmuniWeb

Read also: Greece’s natural gas supplier DESFA hit with ransomware, an advanced BEC campaign targets high-ranking executives, and more.

Read Post

ImmuniWeb

Read more about The LockBit Ransomware Gang to Adopt More Aggressive Strategy Involving Triple Extortion

How to scan your attack surface

Aug 25, 2022 By Detectify In Detectify

In 2013, a group of ethical hackers started penetration testing to make the Internet a safer place. After hacking companies such as Google, Facebook among others, they realized they could automate their findings to help companies monitor their attack surface and founded Detectify. Fast forward a few years and Detectify’s Crowdsource network boasts of 400+ elite ethical hackers.

Read Post

Detectify

Read more about How to scan your attack surface

Getting Started Guide: Falcon Long Term Repository

Aug 25, 2022 By Arfan Sharif In CrowdStrike

Limited data retention resulting from financial or technological constraints makes it hard for security teams to see the complete history of an attack. This lack of full context about a threat — or a potential threat — eventually catches up with organizations, leading to longer dwell times and increased risk of a breach.

Read Post

CrowdStrike

Read more about Getting Started Guide: Falcon Long Term Repository

Ransomware in Healthcare: The NHS Example and What the Future Holds

Aug 25, 2022 By Vedere Labs In Forescout

On August 4, 2022, Advanced – a major software provider for the UK’s National Health System (NHS) and other healthcare customers – suffered a ransomware attack from a group that is still unknown to the public. The attack disrupted NHS services including ambulance dispatch, appointment bookings, patient referrals and emergency prescriptions.

Read Post

Forescout

Read more about Ransomware in Healthcare: The NHS Example and What the Future Holds

10 Notable Cyber Attacks on Government Agencies

Aug 25, 2022 By Arctic Wolf In Arctic Wolf

While much of the media focus is on cyber attacks in the private sector, government is no stranger to cybercrime. According to Verizon’s 2021 Data Breach Investigations Report, the public sector experienced 3,236, or 11% of the attacks analyzed in the report, not even taking into account nation-state attacks. Unfortunately, governments of every size in every country can become targets, as there’s no end in sight to public-sector attacks.

Read Post

Arctic Wolf

Read more about 10 Notable Cyber Attacks on Government Agencies

7 Questions to Ask Your DDoS Mitigation Provider

Aug 24, 2022 By Indusface In Indusface

Digital businesses are constantly attacked by DDoS (Distributed Denial-Of-Service) attacks, which attempt to make a website or online service offline by flooding it with traffic from multiple sources. These attacks can be disruptive and costly for companies, and no industry is immune to them. About Indusface Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.

View Video