Blog - Cyber Security Informer

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

SecureWorld News

OCTOBER 19, 2021

One notorious hacking group from Iran uses particularly dirty schemes to fleece users, according to Google's Threat Analysis Group (TAG). According to Google’s TAG blog, APT35 have been active since at least 2017, including attacks on the 2020 U.S. Read Google's official TAG blog to learn more about the technical details.

Phishing

Phishing Social Engineering Authentication Government

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

. “An attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user,” the company wrote. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM.

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced

Social Engineering

Social Engineering Cybersecurity Unstructured Data Engineering

Cyber Playbook: An Overview of PCI Compliance in 2022

Herjavec Group

MARCH 24, 2022

Being PCI compliant is essential to properly handle sensitive data including payment card data, cardholder data, and even sensitive authentication data. Traditional penetration testing and application security assessment tools, methods, and techniques tend to neglect this attack surface. The Solution. PCI Data Security Standards v4.0.

Architecture

Architecture Penetration Testing Firewall eCommerce

Bad Actor Using New Method to Avert Detection, Google Discovers

SecureWorld News

SEPTEMBER 25, 2021

In a blog post, Neel Mehta, Information Security lead for Google, explains how a hacker has managed to break certificate code parsing to invade email inboxes and infect users with malware. According to Google, this actor began using this method in the summer of 2021. Faking legitimate code signatures: how does it work?

Malware

Malware Software Authentication Cybersecurity

Another NFT explainer, with a bonus look at the data security implications

Webroot

MAY 12, 2021

A distributed group of devices does the work to vouch for the authenticity of the token the same way it does for a bitcoin. An often used and helpful analogy is to certificates of authenticity (COA) like those used in the art world. Even less surprising than the theft are the methods used to do it.

Cryptocurrency

Cryptocurrency Marketing Phishing Authentication

How to evolve your organization into a data-centric security architecture

CyberSecurity Insiders

DECEMBER 21, 2021

This blog was written by an independent guest blogger. Users may also need to re authenticate themselves if they choose to switch tasks or have been inactive for a set amount of time. How you choose to authenticate users is up to you. Some teams choose to use tags, so they are able to rapidly search for items.

Architecture

Architecture Encryption Authentication Data breaches

What is the Same-Origin Policy?

Security Boulevard

MAY 19, 2021

Modern web applications often base their authentication on cookies, which the browser automatically includes when sending requests to the same server. In this technique, you share data with a cross-origin page by sending text-based messages using the “Window.postMessage()” method. Good cookies, bad cookies. JSON with Padding.

Internet

Internet Internet Banking Authentication

API Security 101 for Developers: How to Easily Secure Your APIs

ForAllSecure

MARCH 29, 2023

In the following sections, we will discuss: API Basics Common API Security Vulnerabilities Best Practices for API Security How to do API Security Automatically By the end of this blog post, you will have a good understanding of API security and the steps you can take to easily secure your APIs. API Basics: What Is an API and How Do APIs Work?

Authentication

Authentication Passwords Encryption Software

BlackCat ransomware

CyberSecurity Insiders

FEBRUARY 25, 2022

This blog was jointly written with Santiago Cortes. According to these blogs, at least 10 companies may have been impacted by these ransomware campaigns in the first two weeks of February. Blog BotenaGo. Make sure two-factor authentication is enabled in all services. Detection methods. Executive summary.

Ransomware

Ransomware Encryption Malware Backups

Node.js Vulnerability Cheatsheet

Security Boulevard

FEBRUARY 17, 2022

Authentication bypass. But the SOP does not limit javascript code, and the HTML <script> tag is allowed to load Javascript code from any origin. Read about how to implement allowlists and which Javascript methods you should avoid to prevent RCE here. Authentication Bypass. Log injection. Mail injection.

Authentication

Authentication Encryption Engineering Firewall

Top Trending CVEs of January 2024

NopSec

JANUARY 31, 2024

This exploit will certainly be chained with other vulnerabilities and post exploitation methods that require SYSTEM privileges. One of the more interesting aspects of this vulnerability is that the vulnerable XAML component leverages undocumented API methods within the CoreMessaging.dll for interprocess communication.

VPN

VPN Government Risk Hacking

2024 Duo Trusted Access Report: 5 Key Findings for MSPs to Strengthen Security

Duo's Security Blog

FEBRUARY 16, 2024

Duo’s latest annual Trusted Access Report , aptly titled "Navigating Complexity," peels back the layers on the ever-evolving world of access management and analyzes real-world data from 16 billion authentications across millions of devices and users. of measured authentications.

Authentication

Authentication Accountability Risk Mobile

How have people proven their identity since the dawn of time?

CyberSecurity Insiders

JUNE 24, 2021

As part of our series on Digital Identity , this blog will look back on the personal identification techniques of previous eras to show how methods of identification have developed over the course of human history. Another historical identification method was the use of tattoos. 100,000 years ago – Jewellery. 1046 BC – Tattoos.

Computers and Electronics

Computers and Electronics Passwords Technology Government

Fighting API Bots with Cloudflare's Invisible Turnstile

Troy Hunt

AUGUST 21, 2023

Which is why they turned their attention to the non-authenticated, non-documented unified search API. Instead, Turnstile offers the ability to issue a "non-interactive challenge" which implements the sorts of clever techniques mentioned above and as it relates to this blog post, that can be an invisible non-interactive challenge.

Firewall

Firewall Authentication Internet Internet

Why access management needs to evolve beyond passwords

CyberSecurity Insiders

OCTOBER 13, 2021

This blog was written by an independent guest blogger. That ’ s nearly double its price tag of $381,920 back in 2015. When paired with other security measures such as multi-factor authentication (MFA), SSO can help to reduce the security risks posed by passwords. credential compromises every year.

Passwords

Passwords Accountability Data breaches Authentication

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

Clear Text authentication still exists in 2023 Although not directly related to malware infection, we did discover a few other interesting findings during our threat hunt, including numerous examples of clear text traffic disclosing email credentials or authentication session cookies for variety of applications.

Wireless

Wireless DNS Mobile Technology

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. In line with our predictions, we released two blog posts in 2022 introducing sophisticated low-level bootkits.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

Microsoft Targets Critical Outlook Zero-Day Flaw

Trending Sources

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Cyber Playbook: An Overview of PCI Compliance in 2022

Bad Actor Using New Method to Avert Detection, Google Discovers

Another NFT explainer, with a bonus look at the data security implications

How to evolve your organization into a data-centric security architecture

What is the Same-Origin Policy?

API Security 101 for Developers: How to Easily Secure Your APIs

BlackCat ransomware

Node.js Vulnerability Cheatsheet

Top Trending CVEs of January 2024

2024 Duo Trusted Access Report: 5 Key Findings for MSPs to Strengthen Security

How have people proven their identity since the dawn of time?

Fighting API Bots with Cloudflare's Invisible Turnstile

Why access management needs to evolve beyond passwords

Black Hat USA 2023 NOC: Network Assurance

Advanced threat predictions for 2023

Stay Connected