Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIS2 Penetration Testing and Compliance

Every day, we hear about security threats and attacks on organisations. These threats can range from ransomware and data breaches to leakage of sensitive data. There is no denying that cyber threats have been on the rise, and many organisations have fallen victim to these attacks, leading to financial and reputational losses. Hence, it is crucial to implement policies and processes that can help respond to these attacks.

How to Prevent Hacking During the Holiday Season

The holidays are a busy time for cyber attackers. They rely on distracted workers and lax security systems to breach an organization’s defenses. Then, they deploy ransomware or perform smash-and-grab operations on as much information as they can get their hands on. Either way, the goal is the same: profiting from a brief moment of weakness in your cybersecurity defenses. If you’re wondering how to prevent hacking during this hectic time of year, Lookout is here to help.

The 7 Most Common Types of Cyber Attacks During the Holiday Season

No matter your industry, the end-of-year holiday season is typically a busy time. Unfortunately, it’s also a busy time for cyber criminals. Enterprise organizations are particularly vulnerable to modern data breaches and other attacks during the holidays, which means you must be especially vigilant about guarding against them.

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.

Integrating GitGuardian Incidents With ServiceNow Issues

If you are using ServiceNow for centralized incident management and SecOps, we have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues, triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow issues.

Rapid Bulk SCM Onboarding Made Easy with Polaris | Black Duck

It is a constant challenge for modern app and DevOps teams to onboard and scale AppSec testing in today's highly complex and distributed software environment. The ability to automate bulk upload and scanning of an organization's hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps.

PowerShell vs CMD: The Ultimate Guide for Windows Professionals

Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.