Collaborate Disseminate
The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it … Continue reading CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
Since the early stages of the pandemic, account takeover fraud (ATO) has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synth… Continue reading How an effective fraud prevention strategy can force fraudsters to invest more in their attacks
Imperva releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. Retail industry cybersecurity threats A range of automated threats – from … Continue reading API abuses and attacks create new challenges for retailers
Dropbox has suffered a data breach, but users needn’t worry because the attackers did not gain access to anyone’s Dropbox account, password, or payment information. Instead, they grabbed code from 130 of the company’s private repositories h… Continue reading 130 Dropbox code repos plundered after successful phishing attack
The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. This Help Net Security video provides information how so… Continue reading Emotional and physical effects of identity theft are on the rise
Cequence Security released its first half 2022 report titled, “API Protection Report: Shadow APIs and API Abuse Explode.” Chief among the findings was approximately 5 billion (31%) malicious transactions targeted unknown, unmanaged and unprotected APIs… Continue reading Shadow APIs hit with 5 billion malicious requests
The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications … Continue reading How does identity crime affect victims?
Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor. “It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s pers… Continue reading Uber says Lapsus$ gang is behind the recent breach
“An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information,” the makers of the… Continue reading LastPass breach: Source code, proprietary tech info stolen
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additio… Continue reading How attackers use and abuse Microsoft MFA