Collaborate Disseminate
In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow attackers to target packages for account takeover. Npm is the default package manager… Continue reading New npm flaws let attackers better target packages for account takeover
A study shows that traditional identity fraud losses, caused by criminals illegally using victims’ information to steal money, exploded in 2021 to $24 billion — an alarming 79% increase over 2020. Further, the number of adults in the United States impa… Continue reading Traditional identity fraud losses soar, totalling $52 billion in 2021
Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions. After analyzing some of the… Continue reading Attackers have come to love APIs as much as developers
The increased use of multi-factor authentication (MFA) has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. A current popular solution? Phishing kits that use a transparent reverse proxy to presen… Continue reading Phishing kits that bypass MFA protection are growing in popularity
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed vulnerability The vulnerability, flagged by security researchers Kajetan Grzybows… Continue reading GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
Do you remember the name of your second-grade teacher? How about your maternal grandfather’s middle name? If you’ve ever forgotten a password, you’ve no doubt experienced the frustration of Knowledge-Based Authentication (KBA) firsthand when trying to … Continue reading Why are we still asking KBA questions to authenticate identity?
Imperva’s 12-month analysis on cybersecurity risks in the retail industry suggests that the 2021 holiday shopping season will be further disrupted by cybercriminals looking to create chaos and take advantage of an unprecedented global supply chai… Continue reading Retail industry security incidents soaring, worsened by the supply chain crisis
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. The malicious versions check whether the device on which they have been inst… Continue reading Popular nmp package hijacked, modified to deliver cryptominers
Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innova… Continue reading ATO attacks increased 307% between 2019 and 2021
Fraudsters are increasingly focusing on digital accounts, whether that is by compromising existing user accounts or creating fake new accounts to commit fraud, an Arkose Labs report reveals. The report also found that attackers are leveraging fraud far… Continue reading Fraudsters increasingly focusing on digital accounts, whether existing or fake ones