Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

Cross-Site Request Forgery (CSRF) remains a continuing threat, exposing user data and application integrity. However, with proactive measures like anti-CSRF tokens and additional defenses, you can protect your applications against CSRF attacks. Let’s delve into the depths of CSRF vulnerabilities and explore practical strategies to boost your web application security.

The amount of data generated and fed into AI systems has increased quickly over the last few years. Attackers are taking advantage of the massive increase in data volume to contaminate the data input in training datasets, resulting in incorrect or malicious results. In fact, at a recent Shanghai conference, Nicholas Carlini, research scientist at Google Brain, stated that data poisoning can be accomplished efficiently by modifying only 0.1% of the dataset.

Keeping our data secure can be an uphill battle. Sometimes, one small thing or interaction with the wrong person online can have a knock-on effect that can cause your private information to be posted online. Doxing, or doxxing uses the information without the consent of individuals or companies that store their data in any corner of the Internet. No one is exempt from falling prey to doxing; even Hollywood celebrities have suffered a doxing attack.

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly. However, people can strengthen utilities’ cybersecurity with some best practices.

To detect lateral movement, organizations need to identify abnormal network activity, map lateral movement paths, analyze user behavior and verify unknown devices. If left unnoticed, lateral movement can often lead to data breaches and the loss of highly sensitive data. Organizations can prevent lateral movement within their network by enforcing least privilege access, implementing zero trust, segmenting networks and investing in a PAM solution.

In October 2023, Okta, a leading provider of identity and access management (IAM) solutions, experienced a data breach affecting its customer support system. This incident raised serious concerns about the security of sensitive information entrusted to Okta by its customers and partners.

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA). “Spear phishing is still one of the most effective tools attackers have to breach networks,” the report says.

The Mirai Botnet, famous for massive DDoS attacks, used SYN flood techniques to hack 600,000 IoT devices. Targets like KrebsOnSecurity, Lonestar cell, and Dyn. The impact cascaded across key service providers that relied on Dyn’s services, affecting entities such as Sony Playstation servers, Amazon, GitHub, Netflix, PayPal, Reddit, and Twitter.