Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought

SecurityScorecard’s Investigations & Analysis team conducted an investigation into the details surrounding the USAID.gov attack. As has been previously reported, the attack has been potentially attributed to the organization commonly known as Cozy Bear, but our investigation found that the campaign is likely much larger, and began much earlier than has been reported.

Cloud Threats Memo: Takeaways From the Q1 2021 Phishing Activity Trend Report

The Anti-Phishing Working Group (APWG) has just released its Phishing Activity Trend Report for Q1 2021. The first findings are easily predictable; the dispersion of the workforce is pushing phishing attacks to new records: just in January 2021, the APWG detected 245,771 unique phishing sites, the highest number reported so far.

What you need to know about Process Ghosting, a new executable image tampering attack

Security teams defending Windows environments often rely on anti-malware products as a first line of defense against malicious executables. Microsoft provides security vendors with the ability to register callbacks that will be invoked upon the creation of processes on the system. Driver developers can call APIs such as PsSetCreateProcessNotifyRoutineEx to receive such events.

Cyber Kill Chain: What It Is, How It Works

What is the cyber kill chain? What is an example of the Cyber Kill Chain? What are the 7 steps of the cyber kill chain? Is the Cyber Kill Chain outdated? Cyber Kill Chain vs Mitre Att&ck Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

Threats targeting Kubernetes and Defences

Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.

10 Supply Chain Security Tips That Won't Slow Development Down

As supply chain attacks continue to dominate headlines, software development teams are beginning to realize that package management can’t be taken lightly — the threats hidden under the hood are real. In this installment of The Source, we want to talk about the practices and tools that developers need to adopt in order to protect against supply chain attacks.

Understanding the software supply chain security requirements in the cybersecurity Executive Order

President Biden’s cybersecurity executive order from last month should cause little surprise for anyone following news headlines over the past year. The order is the U.S. Federal Government’s important response to a long list of incidents, starting with the SolarWinds attack and ending with a recent ransomware attack against Colonial Pipeline —- the largest known attack against a US energy firm.

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

What is the real cost of carding attacks?

Since many brick-and-mortar stores closed during the Covid-19 pandemic, online shopping has grown massively through 2020 and into 2021. Fraudsters have seized this opportunity to strike, with data breaches in 2020 exposing over 155.8 million records, which could be used fraudulently, in the US alone. Carding is one of the most common and costly types of online fraud.