An attack vector, also known as a threat vector, is a way for cybercriminals to gain access to an organization’s network or system. Some common types of attack vectors that organizations need to defend against include weak and compromised credentials, social engineering attacks, insider threats, unpatched software, lack of encryption and misconfigurations. Organizations must identify all of the potential attack vectors and protect their network against them to avoid security breaches.

If over 40 major banks can be the target of JavaScript injection attacks, let’s be honest – so can you. In 2023, a malware campaign using this attack method affected 50,000 user sessions across more than 40 financial institutions worldwide, leaving many dev teams in pure damage-control mode. 67.9% of professional developers use JavaScript more often than any other programming language. Its popularity is understandable, given its versatile and interactive capabilities.

A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.

Over the years, we have seen a substantial amount of cyberattacks happening around the globe. The most infamous of them is the RaaS attack, which is taking over organizations of all sizes. An employee’s sheer negligence and lack of cybersecurity solutions put organizations at higher risk. In this article, we will share some tips that every organization needs to know in order to stay away from cyberattacks. Ransomware attacks have become prevalent in recent years and can happen to any organization.

Organizations usually rely on remote work capabilities, leading them to use cloud systems. But with increased use of cloud infrastructure, the vulnerability to cyberattacks increases. One such is the Privilege Escalation attack, a complex threat to any network. Multiple defense strategies are required to detect and prevent privilege escalation attacks, but understanding what this attack means is important even before that.

CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.

Spoofing attacks are a common cyber attack that tricks people into revealing their login credentials by pretending to be a legitimate business website. Password managers, like Keeper Password Manager, have an autofill feature that can help protect against this type of attack. If you land on a spoofed website, Keeper’s autofill feature, KeeperFill®, will not fill in your login credentials if the URL stored in your password vault does not match the website you’re on.

Cyberattacks on large companies grab the headlines, creating the false impression that only big organizations are targeted by cybercriminals. This misleads smaller companies into believing that they are not potential targets because of their size or low profile. However, threats against small and medium-sized companies have been a cause for concern in recent years. Experts warn that companies with fewer than 100 employees are especially vulnerable to a range of threats.

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity. The journalist for LancasterOnline, Brett Sholtis, had written a story last year about a wealthy businessman named Adam Kidan who pleaded guilty to fraud in 2005. Several months after the story was published, Sholtis received two emails from Kidan’s email account.

The UK government's third phase of research shows how well UK organizations have been improving their cybersecurity efforts but indicates that the risk from certain attacks have only been reduced marginally. As part of the UK government’s National Cyber Strategy, their Cybersecurity Longitudinal Survey has been run three times to show how well UK businesses and charities are working to improve their state of cybersecurity.