Cyberattacks
Cyberattacks | News, how-tos, features, reviews, and videos
Twitch breach highlights dangers of choosing ease of access over security
Attackers essentially broke into the Twitch house and cleaned out everything. Following least-privilege access principles and encrypted datasets will help others avoid that scenario.
October is high season for cyberattacks, Infosec Institute study shows
A study by Infosec Institute indicates that there has been an exponential increase in cyberattacks globally in the last five years, and a major part of it happened in the month of October each year as attackers apparently exploit...
TSA to issue cybersecurity requirements for US rail, aviation sectors
New rules include reporting incidents to CISA and naming cybersecurity leads, but experts and industry representatives cite lack of input.
Top cybersecurity statistics, trends, and facts
Survey data from the past year paints a picture for what your threat landscape will potentially look like in the coming months.
Iranian APT targets aerospace and telecom firms with stealthy ShellClient Trojan
The MalKamak group has been running its Operation GhostShell campaign for at least three years unnoticed.
How corporate data and secrets leak from GitHub repositories
Attackers constantly search public code repositories like GitHub for secrets developers might inadvertently leave behind, and any tiny mistake can be exploited.
4 steps to protect the C-suite from business email compromise attacks
Preventing top executives from becoming BEC victims requires a different approach. Putting the risk in business terms is key.
Why today’s cybersecurity threats are more dangerous
Greater complexity and interdependence among systems gives attackers more opportunity for widespread, global damage, say government and industry experts.
APT29 targets Active Directory Federation Services with stealthy backdoor
The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.
Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots
The automated bots are highly successful because they effectively emulate legitimate service providers.
MITRE ATT&CK, VERIS frameworks integrate for better incident insights
The MITRE ATT&CK/VERIS collaboration aims to create a common dictionary for communicating information about security incidents.
Breach reporting required for health apps and devices, FTC says
A new policy statement makes it clear that the US Federal Trade Commission will hold healthcare app and device makers accountable for reporting data breaches.
The Kaseya ransomware attack: A timeline
REvil's ransomware attack on software provider Kaseya underscored the threats to supply chains that ransomware groups pose. Here is an up-to-date timeline of the attack.
APT actors exploit flaw in ManageEngine single sign-on solution
US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.
7 unexpected ransomware costs
Indirect costs related to a ransomware attack can add up over time. These are the expenses and financial risks that CISOs should be aware of.
How APTs become long-term lurkers: Tools and techniques of a targeted attack
A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.
Steganography explained and how to protect against it
Steganography is reasonably easy to implement yet difficult to detect, which is why threat actors use it to deliver malware, evade detection, and gain persistence.
NTLM relay attacks explained, and why PetitPotam is the most dangerous
Attackers can intercept legitimate Active Directory authentication requests to gain access to systems. A PetitPotam attack could allow takeover of entire Windows domains.
-
eBook
Sponsored -
White Paper
-
Case Study
Sponsored -
White Paper
-
Video/Webcast
Sponsored
Most Popular
BrandPosts
Learn more-
Sponsored by OneNeck IT Solutions
-
Sponsored by Netscout
-
Sponsored by ExtraHop