With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details. Deepfake audio is nothing new… but it is getting very advanced. So much so, that security researchers at IBM Threat Intelligence were able to test out a hypothesis as to whether it’s possible to perform an audio-based “Man in the Middle” attack.

Organizations face an ever-evolving array of cyber threats that require swift and intelligent responses. Security Operations Centers (SOCs) are at the forefront of this battle, tasked with detecting, analyzing, and mitigating threats to safeguard valuable assets. To bolster their defenses, many enterprises are turning to innovative solutions such as ThreatQ™ and Infoblox SOC Insights, which offer advanced capabilities for threat intelligence management and network security.

What happened with a fake call purporting to be from Amazon tricked a financial advice columnist into handing over $50,000 to a stranger.

In the rapidly evolving landscape of artificial intelligence (AI), the launch of Sora by OpenAI marks an unnerving milestone in video synthesis. The unveiling of such revolutionary technology is simultaneously exciting and raises red flags to the broader implications of AI's role in digital content creation and cybersecurity. The potential of Sora to generate up to one-minute video clips from mere text input is staggering.

The heightened demand for cloud applications places a premium on the agility of development teams to swiftly create and deploy them. Simultaneously, security teams face the crucial task of safeguarding the organization’s cloud infrastructure without impeding the pace of innovation.

Server-side request forgery (SSRF) is a common vulnerability that can crop up unknowingly in any Node.js application. It poses a significant threat because attackers can manipulate a server into making unintended requests to both internal and external resources. This article will explore SSRF, its potential risks, and the strategies to mitigate SSRF in Node.js applications.

The Sysdig Threat Research Team (TRT) discovered the malicious use of a new network mapping tool called SSH-Snake that was released on 4 January 2024. SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network. The worm automatically searches through known credential locations and shell history files to determine its next move. SSH-Snake is actively being used by threat actors in offensive operations.

As reliance on software systems continues to grow, so does the emergence of numerous security threats. One notable threat for developers, especially those working with Node.js, is SQL injection. SQL injection is a malicious attack where nefarious SQL code is injected into a system, exposing sensitive information, corrupting or deleting data, and sometimes, granting unauthorized access to attackers.

As cybercrime evolves, one avenue for attack has risen to prominence across the world: Ransomware. According to Arctic Wolf’s State of Cybersecurity 2023 Trends Report, 48% of organizations view ransomware as the top attack vector concern. A concern comes with just cause, as the Arctic Wolf Labs 2024 Threats Report showed 48.6% of incidents investigated by Arctic Wolf were ransomware attacks.