Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack

Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.

Enriched attack surface view, DNS filtering, and more

Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.

Kerberos Authentication: Basics to Kerberos attacks

Developed by MIT, Kerberos Authentication Protocol is the default authentication service for Microsoft Active Directory. It is named after the three-headed dog (Cerberus) found in Greek mythology, because the security protocol involves three major steps in the entire authentication process. Although Kerberos is a technology used by Microsoft Windows, by default, its implementations in other operating systems, such as Linux, FreeBSD and macOS, are also present.

Conti ransomware incapacitates Costa Rica's government: The FBI, CISA, the NSA, and Secret Service recommend mitigation strategies

Weeks after President Rodrigo Chaves Robles became Costa Rica’s 49th president, he had to tackle the country’s largest cyberattack ever. Costa Rica declared a state of emergency following a series of detrimental ransomware attacks carried out by the Conti ransomware gang.

CrowdStrike Falcon Stops Modern Identity-Based Attacks in Chrome

Recent research from CyberArk Labs presents a new technique for extracting sensitive data from the Chromium browser’s memory. However, existing access to the targeted system is required before leveraging the technique to extract the sensitive data. The technique could enable identity-based attacks involving authentication bypass using Oauth cookies that have already passed an MFA challenge.

How Lookout Prevents Ransomware Attacks | Lookout

As ransomware attacks continue to grow, keeping sensitive data secure is crucial. Lookout prevents the initial compromise of a ransomware attack by securing data wherever and however it needs to. How Lookout Reduces Risk of a Ransomware Attack: Ensures only endpoints free from malware access data Prevents attackers from exploiting vulnerabilities in internet facing apps and servers Enables you to identity unauthorized access when.

Top Cyber Attacks of May 2022

Summer is here and phishing season is in full swing. May saw a troubling range of phishing attacks carried out against a wide array of targets, from retirement planners to school systems to national defense. Bundle all of those efforts together with a disturbing ransomware attack on the air travel industry and you have all the evidence you need of the dangers of inadequate cybersecurity at every level.

Defense in Depth - Definition & Relation to Layered Security Approach

As the use of technology increases in every aspect of our daily lives, the rate of cyber attacks also grows exponentially. In today’s world, organisations need to be highly equipped in their defences against cyberattacks so that they may better protect their assets, and it is here that the defence in depth approach is adopted.