Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An account takeover attack is a form of identity theft in which a cybercriminal takes over someone else’s online account. Cybercriminals steal a victim’s login credentials without them knowing through methods such as brute force attacks and phishing. Once the cybercriminal gains access to a victim’s account, they change the login credentials to prevent the victim from logging back in.

Casinos bring in millions of players and billions of dollars a year, via both physical venues and online platforms. And the industry estimated to grow by $11.42 billion between 2021 and 2025. Players trust casinos with their funds and high-value personal data, so it is no surprise that threat actors are targeting these venues to monetize their attacks.

The National Student Clearinghouse is a research facility that gathers data on students from approximately 22,000 high schools and more than 3,600 different colleges. Between all these schools throughout the United States, approximately 97% of the total student population is enrolled in the National Student Clearinghouse. That means the information for most students is on file with the organization.

Friends and Colleagues, We are proud to share that archTIS has won the 2023 Australian Defence Industry Award for Cyber Business of the Year for the second year running. We are humbled to once again be recognised by our peers and industry leaders for the valuable contributions and leadership role archTIS has taken in solving the critical Defence challenge of securing sensitive and classified information sharing.

We couldn’t be prouder that CrowdStrike achieved the highest coverage across the last two consecutive MITRE Engenuity ATT&CK® Evaluations. We achieved 100% protection, 100% visibility and 100% analytic detection coverage in the Enterprise Round 5 evaluation — which equates to 100% prevention and stopping the breach. We also achieved the highest detection coverage in the Managed Security Services Providers testing.

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

What are my quantum options? And what has Goldilocks’ porridge got to do with it? You’ve heard that eventually you’ll need to migrate to quantum-safe cryptography. Perhaps you’re raring to go. And yet, here I am, ready to tell you one thing: don’t do anything yet. Your options really depend on your quantum problem, but if you’re looking to migrate your cryptography today, you’re moving way too soon.

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools, and Procedures (TTPs) span across several different types of attacks. This bulletin will review several key aspects of these attacks.

One of the security features available in Elasticsearch® Service (Elastic® Cloud) is traffic filtering. Traffic filtering enables network layer security by limiting access to the deployment from configured networks only. In addition to the security policies consisting of role based access control (RBAC) employing principle of least privilege, using traffic filtering in conjunction provides greater security.