Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Although it’s the holiday season, the festive spirit doesn’t extend to cyber attackers, who consider this a great opportunity to cause havoc. But the Mend research team doesn’t rest, and remains alert for threats and vulnerabilities. Our vigilant team has detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages. Let’s take a look at the nature of the attack and what we did to protect our systems and our users.

At SecurityScorecard, we like to look ahead and focus on the future. However, the past can also teach us some valuable lessons, particularly in cybersecurity. 2022 was quite an eventful year in the space, with many high-profile attacks, including full-blown cyber warfare. Out of all threats we saw this past year, a few stood out. This article will cover seven of the most dangerous cyber threats of 2022, in no particular order.

Personal data such as email addresses and passwords unlock our online identities and have become part and parcel of almost all accounts on the internet. Research indicates that there are over 5 billion daily web users worldwide and mobile phones account for about 60% of the world’s web traffic. Digital data examples include text messages, videos, satellite images and data from IoT, smart devices and social media.

Each year, cyber attacks and data breaches are becoming more devastating for organizations. According to the 2022 Cost of a Data Breach Report by IBM, the global average cost of a data breach reached a record US$4.35 million in 2022. However, security teams are often not ready to detect all security gaps in their organizations. The scope of their monitoring is usually so broad that it’s challenging to anticipate where a potential threat might come from.

Password attacks are one of the most common types of cyberattacks. They occur when someone tries to access your accounts by guessing or stealing your login credentials. You can prevent password attacks by enabling multi-factor authentication and using strong, unique passwords for your accounts. Read on to learn how you can keep yourself protected from these types of attacks.

Cybercriminals who use Business Email Compromise (BEC) attacks are switching up their tactics, with some groups now targeting actual merchandise instead of money in their phishing attacks. Trustwave’s email security solution MailMarshal is aware of and investigating this new methodology. MailMarshal is capable of defending an organization against BEC attacks. This Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S.

Sudden, unexpected, and potentially very damaging. Zero-day attacks are the perfect storm for malicious actors and one of the worst-case scenarios for developers, security professionals, and DevOps teams. Yet it’s not all bad news for those charged with protecting your code, software, and applications, as long as you expect the unexpected and prepare for it. Building a fast, effective mitigation response for zero-day attacks starts with these three tactics.

Read also: Microsoft fixes a Windows zero-day, security researchers detail a way to bypass popular web application firewalls, and more.