Watch out for Christmas 2021 credential stuffing attacks!

Research from Arkose Labs has revealed that there were over two billion credential stuffing attacks (2,831,028,247) during the last 12 months, growing exponentially during the period from October 2020 to September 2021. The spike in this type of onli…

Unused identities: A growing security threat

In early May 2021, Colonial Pipeline, the operator of the pipeline that pumps 45% of the East Coast’s fuel, announced that they had been hacked. In his testimony before the Senate Committee on Homeland Security and Governmental Affairs, the company’s p…

How to store and call MySQL’s db credentials in production? Does it matter in my use case?

I have a system that uses MySQL’s local connection for authenticating both me and clients. This system was actually an API system that acts as a database hosting.
If I get the reasoning correct, each ransomware incident was after the dat…

"encrypting" a physical copy of a number by remembering a series of mathematical operations rather than a key. Is this safe?

For example I want to have a hard copy of my backup 2FA codes so that if I lose/destroy/don’t have my phone or laptop on me. I, of course, do not want them in plain text. I don’t want to encrypt them using a secure cryptographic algorithm …

Cybercrime supply chain: Fueling the rise in ransomware

Trend Micro released research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Serv…

Is there any safe way to use Windows Credential Manager’s generic credentials?

(note: VS Code is just an example, question is not specific to VS Code)
I would like to use Windows Credential Manager’s generic credentials, say store git passwords when using VS Code, so I am not forced to retype them every occasion wh…

Guarding against DCSync attacks

Gaining access to domain admin credentials is part of the endgame in many sophisticated attacks where threat actors are trying to maintain persistence. One of the ways that adversaries accomplish this is through DCSync attacks. What is a DCSync attack?…

As digital shopping surges, researchers predict 8 million daily attacks

Arkose Labs released new data on the latest fraud trends, revealing increased threats during the holidays, rising bot attacks, and a resurgence in attacks on travel companies. As shoppers fill their online carts, account takeover (ATO) attacks and gift…

The world’s worst kept secret and the truth behind passwordless technology

One of the biggest security risks of modern-day business is the mass use of passwords as the prime authentication method for different applications. When the technology was first developed, passwords were perceived by individuals and businesses alike a…

80% of organizations experienced employees misusing and abusing access to business apps

Organizations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft, CyberArk research reveals. While the adoption of web ap…