Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

3x more subdomain takeovers now discovered

Today, we have over 600+ unique techniques to discover subdomain takeovers in over 2,000 Detectify customers. Identifying subdomain takeovers is tricky business as they rely on signature-based tests which are prone to false positives due to outdated signatures. That’s why we run our subdomain takeover tests on hundreds of thousands of customer assets every day.

DDoS Attacks in the Financial Industry: How to Protect Your Infrastructure and Payments

While Distributed Denial of Service (DDoS) attacks have been around for over a decade, they still continue to evolve and escalate, particularly during 2022. The tense geopolitical situation caused by the Russian invasion of Ukraine has affected the nature and intensity of these types of attacks, making states official participants in the DDoS mitigation market.

Compromising Plaintext Passwords in Active Directory

A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but these tactics limit adversaries to what they can perform from the command line. Compromising a plaintext password gives an attacker unlimited access to an account — which can include access to web applications, VPN, email and more. One way to extract plaintext passwords is through Kerberoasting, but this brute-force technique takes a lot of time and patience.

Overpass-the-Hash Attack: Principles and Detection

The overpass-the-hash attack is a combination of two other attacks: pass-the-hash and pass-the-ticket. All three techniques fall under the Mitre category “Exploitation of remote services.” In an overpass-the-hash attack, an adversary leverages the NTLM hash of a user account to obtain a Kerberos ticket that can be used to access network resources.

The Top Cyber Attacks of September 2022

Maybe it’s the changing of the seasons, the start of a new school year, or just something in the air, but September’s cybersecurity landscape was marked with high-energy hacks that seem to have served as twisted amusements for their perpetrators. This month’s round-up is full of criminals who weren’t content just to collect a ransom or sell some private data. These hackers wanted to scorch the earth and hurt their victims with an extra layer of malice and humiliation.

Cyber Risk Retainers: Not Another Insurance Policy

The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk. The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) game plan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must address a business’s level of cyber risk.