A democratized approach to cybersecurity risk management that leverages continuous monitoring and public-private partnerships is overdue, and critical, for today’s cyber threat environment.
One of the key tools at the center of social engineering attacks against organizations is phishing. According to the Anti-Phishing Working Group’s latest report, the number of unique phishing websites detected in December 2021 was 316,747, where they have detected between 68,000 and 94,000 attacks per month in early 2020, meaning that phishing attacks have more than tripled from 2020 to 2021.
SecurityScorecard (SSC) has identified a DDoS attack which targeted the websites of the Finnish Ministry of Foreign Affairs and Ministry of Defense. SSC discovered more than 350 bots, mainly located in Bangladesh and African countries, which are now considered to be part of the Zhadnost botnet, previously discovered by SSC in March.
Last month’s revelation that Okta had been hacked created a seismic impact in the world of security, with organizations still bracing themselves for the fallout from this incident. While resources, like Microsoft’s article on Lapsus$ (tracked as DEV-0537), have broadly dissected the attack vectors used in the group’s attacks, we wanted to expand on the broader trends and context surrounding the Okta hack.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about how a country and global economy is impacted when a cybercrime happens, how every citizen is victimized, and what governments are doing to mitigate this rising issue.
Web applications across the digital world are teeming with vulnerabilities increasingly equipped to defeat security mechanisms. Among them are injection attacks. We are aware of the many injection vulnerabilities present in a web application, for example, SQL injection, HTML injection, CRLF injection, cross-site scripting and many others. This article will discuss CRLF injection vulnerability in detail for web application security.
It’s almost that time of the year to file taxes in Portugal, so John opens the email he received asking him to submit his taxes. It’s from a bank he trusts, so he follows the instructions in the email and proceeds to download the attached PDF. Little did he know that when he clicked the links in the email body, the Lampion trojan was downloaded from an online server.
