attacks

  • Blog

    API and bot attacks are costing businesses billions – and they’re on the rise

    Insecure Application Programming Interfaces (APIs) and bot attacks are costing organizations billions, with large companies particularly at risk. In a new analysis of more than 161,000 unique cybersecurity incidents, the security firm Imperva found that API-related security incidents rose by 40% across 2022 and by a further 9% in 2023. Bot-related security incidents rose by 88% across the same period.…

  • Blog

    David’s Bridal notifies staff and customers of data breach following two ransomware attacks

    David’s Bridal over the weekend confirmed it notified 4,132 Texans of a data breach that compromised customers’ and employees’ names, Social Security numbers, medical information, health insurance information, addresses, and driver’s license numbers, according to the state Attorney General. Two ransomware gangs claimed responsibility for breaches at David’s Bridal: LockBit in January 2024 and Werewolves in February 2024. It’s possible…

  • Blog

    New Revival Hijack technique leaves 22,000 PyPI projects vulnerable to attacks

    Up to 22,000 PyPI packages may be at risk of being hijacked in a newly-developed supply chain attack technique, research reveals. Security researchers at devops specialist JFrog published a blog warning developers about a new attack technique that leverages the ability to re-register popular packages once the original owner removes them from PyPI’s index. Dubbed ‘Revival Hijack’, the technique builds…

  • Blog

    How to identify and mitigate cloud-based cyber attacks

    Cyber attacks may be an inevitable part of modern life but that doesn’t mean that businesses simply have to put up with them. Indeed it is possible to have both a proactive and reactive stance when it comes to securing your organization. The reality is that this does take hard work and constant evolution of strategy to move from theory…

  • Blog

    North Korean insider attacks are skyrocketing – dozens of US firms didn’t spot the hacker in their midst

    Over 100 organizations have been targeted by North Korean hackers posing as legitimate IT workers to steal money and exfiltrate sensitive information, new research reveals. The threat campaign, operated by a group tracked as FAMOUS CHOLLIMA, involves posing as a locally-based IT technician or software developer, using stolen identities and deepfake technology to pass background checks. In its 2024 Threat…

  • Blog

    Versa fixes Director zero-day vulnerability exploited in attacks

    Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, offering essential management, monitoring, and orchestration for Versa SASE’s networking…

  • Blog

    Teleport partners with TD Synnex to tackle identity-focused cyber attacks

    Secure infrastructure access specialist Teleport has announced a new partnership with global IT distributor TD Synnex. The collaboration aims to broaden buying options for customers around the world as well as streamline the procurement of secure infrastructure access to enable heightened defense against identity-focused cyber attacks. With the new TD Synnex agreement, VARs, MSPs, integrators, and resellers will be able…

  • Blog

    Billions of Chrome users at risk from hacker attacks — severe flaw exploited

    Google is in the process of rolling out patches that address a high-severity security flaw in its Chrome browser. According to Google, this flaw has come under active exploitation in the wild. The flaw (tracked as CVE-2024-7971) is a confusion bug in the V8 JavaScript and WebAssembly engine (h/t to The Hacker News). Google acknowledged the flaw in a blog…

  • Blog

    Google fixes ninth Chrome zero-day exploited in attacks this year

    Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine. Security researchers with the Microsoft…

  • Blog

    CISA warns critical SolarWinds RCE bug is exploited in attacks

    CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds’ Web Help Desk solution for customer support. Web Help Desk (WHD) is IT help desk software widely used by large corporations, government agencies, and healthcare and education organizations worldwide to centralize, automate, and streamline help desk management tasks. Tracked as CVE-2024-28986, this Java deserialization…
