Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service.
What GoDaddys YearsLong Breach Means for Millions of Clients
The same sophisticated threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Heres what to do.
Bookingcoms OAuth Implementation Allows Full Account Takeover
Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts.
On Shaky Ground Why Dependencies Will Be Your Downfall
Theres never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies.
Everybody Wants Least Privilege So Why Isnt Anyone Achieving It
Overcoming the obstacles of this security principle can mitigate the damages of an attack.
Dish Blames Ransomware Attack for Disruptions of Internal Systems Call Center Services
The cyberattackers might have potentially accessed customer information, the service provider warns.
Linux Support Expands Cyber Spy Groups Arsenal
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.
What Happened in That Cyberattack With Some Cloud Services You May Never Know
More cyberattackers are targeting organizations cloud environments, but some cloud services, such as Google Cloud Platforms storage, fail to create adequate logs for forensics.
CISA ZK Java Framework RCE Flaw Under Active Exploit
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.
Exfiltrator22 The Newest PostExploitation Toolkit Nipping at Cobalt Strikes Heels
The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed.