%term

DDoS Attacks: What You Need To Know

Feb 6, 2024 By SecurityScorecard In SecurityScorecard

In the intricate web of digital security threats, one particularly disruptive technique stands out: the Distributed Denial of Service (DDoS) attack. This form of cyber assault involves numerous compromised systems, often referred to as bots or zombies, which are used to overwhelm a target website with an avalanche of requests. The result? Legitimate users find themselves unable to access the site, leading to significant operational disruptions.

Read Post

SecurityScorecard

Read more about DDoS Attacks: What You Need To Know

AnyDesk Confirms Unauthorized Access to Production Systems

Feb 6, 2024 By Stefan Hostetler In Arctic Wolf

On February 2, 2024, AnyDesk confirmed a compromise of its production systems in a security advisory, leading the company to revoke all security-related keys, including the cryptographic code-signing certificate used to publish their software. As an additional precaution, AnyDesk also reset user passwords on the AnyDesk web portal. AnyDesk has started using a new code signing certificate as of AnyDesk version 8.0.8.

Read Post

Arctic Wolf

Read more about AnyDesk Confirms Unauthorized Access to Production Systems

CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks

Feb 5, 2024 By Manoj Ahuje - Matt Johnston In CrowdStrike

As Microsoft Azure continues to gain market share in the cloud infrastructure space, it has garnered attention from adversaries ranging from hacktivist and eCrime threat actors to nation-state adversaries. Recent attacks on Microsoft by cloud-focused threat actors like COZY BEAR are becoming more frequent and garnering huge attention.

Read Post

CrowdStrike

Read more about CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks

Network Analytics Logs: Using Splunk to view network traffic and DDoS attacks

Feb 2, 2024 By Cloudflare In Cloudflare

Cloudflare Magic Transit is a network security solution that offers DDoS protection, traffic acceleration, and much more from every Cloudflare data center— for on-premise, cloud-hosted, and hybrid networks. In this video, we show how to integrate Cloudflare Network Analytics logs to view network traffic and DDoS attacks in your Splunk dashboard.

View Video

Cloudflare

Read more about Network Analytics Logs: Using Splunk to view network traffic and DDoS attacks

How to protect your business from NFT phishing attacks and spam

Feb 1, 2024 By Fireblocks In Fireblocks

The Web3 ecosystem has experienced a sharp increase in spam NFTs. While spam NFTs may seem benign – commonly used as promotions for new NFT collections – they can also be used as a method for phishing unsuspecting users. Today, threat actors are using spam NFTs to drain wallets in a variety of ways. In this blog post, we take a closer look at some of these methods and the new security protections Fireblocks has developed to safeguard our customers.

Read Post

Fireblocks

Read more about How to protect your business from NFT phishing attacks and spam

Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Feb 1, 2024 By Stu Sjouwerman In KnowBe4

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.

Read Post

KnowBe4

Read more about Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Conversations with Charlotte AI: Assessing Potential Attacks

Feb 1, 2024 By CrowdStrike In CrowdStrike

With Charlotte AI, the information security analysts need to stop breaches is simply a question away. Watch how analysts are turning hours of work into minutes and seconds — getting the context they need to assess potential attacks like Log4j and stop breaches.

View Video

CrowdStrike

Read more about Conversations with Charlotte AI: Assessing Potential Attacks

Deloitte & Memcyco Exclusive Panel: The Untold Cost of website and SSO impersonation attacks

Feb 1, 2024 By Memcyco In Memcyco

Cyber iCON 2024: Event sponsor, Memcyco, and host, Deloitte, present their cybersecurity partnership and market offering that will redefine what “cyber threat intelligence” can and should mean. Alongside exclusively invited partners, they’ll be sharing expert insight and stunning innovations in digital domain protection. This will be a unique platform for industry leaders hungry to fortify cyber threat defenses and exchange ideas while discovering breakthrough strategies and technologies.

View Video

Memcyco

Read more about Deloitte & Memcyco Exclusive Panel: The Untold Cost of website and SSO impersonation attacks

Understanding Tactics, Techniques, and Procedures

Jan 31, 2024 By Arctic Wolf In Arctic Wolf

Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access into a network, they can utilize the commands and scripts components of PowerShell to conduct reconnaissance or inject fileless malware into the network. This activity is so common it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).

Read Post

Arctic Wolf

Read more about Understanding Tactics, Techniques, and Procedures

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Jan 31, 2024 By Jamie Smith In Snyk

Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky Vessels" — in core container infrastructure components that allow container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating system from within the container.

Read Post