Euro Police Bust a Cyber Crime Gang Behind Multimillion-Euro Phishing Scams
Read also: Japanese auto hose maker Nichirin suffers a ransomware attack, Russia steps up cyber-espionage, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Cyberattacks
Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)
I am a credit card skimming attack victim. It happened about eight weeks ago, and to this day, we’re still dealing with the repercussions. This is a true story. (Although I did substitute a few facts to protect the innocent.) And yes, while I work for Feroot, and this is appearing in our blog, I think it is important that cybersecurity professionals hear first hand from a card skimming attack victim—someone who is like every other customer that their business supports.
How to Secure Online Video Gaming from The Biggest Cyber Threats in 2022
Imagine, you are in the middle of a heated battle and are almost ready to claim the victory over your virtual opponent when you see a note on the screen: “We are experiencing a DDoS attack which may result in disconnections for some players.” Now?
How Hospital Hacks Happen 1: The Unmanaged IOT
"How Hospital Hacks Happen" is the first in a series of videos that aims to raise awareness and education regarding both how hospitals can be attacked and how they can better protect their patients, medical devices and systems. The videos showcase various attack vectors and actors. In this one we look at unmanaged Internet of Things (IoT) devices.
Ransomware attack vectors: what your organisation needs to look out for
In this blog post, we outline some of the most common types and the steps organisations should take to defend themselves.
Privilege Escalation Attacks: Types, Examples and Defence
When a system is breached, compromised or exploited, the attackers never stop after getting the initial access because it doesn’t give them privileged access. And the same thing goes in an offensive security assessment, i.e. infrastructure penetration testing or a red team assessment.
API attack types and mitigations
Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..." The 3 Little Pigs; Art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes - "Omne trium perfectum" – “Everything that comes in threes is perfect.” While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.
What is a Distributed Denial-of-Service (DDoS) attack?
If you don’t work in IT or security, there’s no need to fret about every detail of every online danger. Nevertheless, it’s worth having awareness of the strategies and techniques that criminals are using to achieve their goals online.
Enriched attack surface view, DNS filtering, and more
Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.