Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One critical way that attackers gain access to an IT environment and escalate their privileges is by stealing user password hashes and cracking them offline. We covered a method for harvesting service account passwords in our post on Kerberoasting. Here we will explore a technique that works against certain user accounts, AS-REP Roasting. We’ll cover how adversaries perform AS-REP Roasting using the Rubeus tool and how you can defend your organization against these attacks.

Christmas shopping season is a lucrative time of year for cybercriminals. In the UK alone, shoppers lost more than £15 million to fraud in the run-up to Christmas 2020. Of this, £2.5 million was lost over a single weekend: Black Friday to Cyber Monday. Online shopping scams are expected to ramp up ahead of Black Friday this year, too. Card cracking is particularly high risk, as heightened traffic volumes make it more difficult for many retailers to detect high volume brute force attacks.

Today's Managed Security Service Providers (MSSPs) are trying to grow their business quickly, improving margins and onboarding customers with high-quality tool sets that scale with the company. This means reducing cost, improving onboarding time, and building the next generation of Managed Detection and Response (MDR) to deal with threats that are increasing in volume and sophistication.

If you look around, even a small successful DDoS attack brought down websites. It leads to data breaches and results in a huge loss. DDoS attacks on AWS (in 2020), Bandwidth.com (in 2021), and GitHub (in 2018) carry a lesson for us. DDoS attacks are among the most rapidly advancing type of cybercrime. It becomes more mature, sophisticated, and complex. In 2023, Cisco predicted the total number of DDoS attacks would be over 15 million.

Purchasing holiday gifts is now more simple and more convenient than ever thanks to online shopping. Unfortunately, cybercriminals are preparing for the holidays just like us, but they’re doing so with bad intentions. Cybercriminals have developed easier and more advanced methods to steal customers’ money and personal information.

The digital world has undergone a paradigm shift as a result of the worldwide pandemic, which has changed the way broadcasters deliver content to their users. The digital media business, OTT streaming and OTT communications have surely transformed everyone’s leisure time with the enormous rise in viewership and online users in recent years.

Passage, a leader in modern authentication technology, is joining the 1Password team to help accelerate the adoption of passkeys for developers, businesses, and their customers.

A recent campaign, unearthed by researchers at INKY, is the latest example of exploitation of a legitimate cloud service. The campaign impersonates the U.S. Small Business Administration (SBA), targeting small businesses that are unaware of the fact that the SBA recently stopped accepting applications for COVID-19 relief loans or grants. The element that makes this campaign stand out from the others is the exploitation of a well-known and familiar cloud service to host the phishing page: Google Forms.

The problem of securing the modern workforce goes beyond occasional spats between IT and security. The real problems we see are user credentials under constant attack, alongside attempts to harvest and exploit enterprise data. Plus the cloud resources that workforces need are tough to secure, especially when deployed outside of IT-led processes. In light of these issues, corporations need a way to securely provide always-on cloud access for users while safeguarding enterprise data anywhere it goes.

Cloud misconfigurations can cause devastating financial and reputational damage to organizations. Yet, such undesirable circumstances can be avoided by understanding the common misconfiguration errors and mitigating them before malicious actors can exploit them. Ava Chawla, AlgoSec’s Global Head of Security provides some valuable insights on cloud misconfigurations and offers useful tips on how to avoid them.