Use AI to fight AI-powered cyber-attacks

Cyber-attacks are commonly viewed as one of the most severe risks to worldwide security. Cyber-attacks are not the same as they were five years back in aspects of availability and efficiency. Improved technology and more efficient offensive techniques provide the opportunity for cybercriminals to initiate attacks on a vast scale with a higher effect. Intruders employ new methods and launch more comprehensive strategies based on AI to compromise systems.


Don't be the weak link in your customers' supply chain security

To solve the supply chain security dilemma, producers must get back to security basics. Get best practices for securing your supply chain. Nobody wants to be known as the weak link in the chain—any chain. But too many organizations are at risk of being just that in the digital supply chain because they haven’t made the cyber security of their products a priority. The most recent evidence of that is the SolarWinds/Orion cyber attack that impacted more than 18,000 organizations.


Five worthy reads: The unexpected costs following a cyberattack

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the worst data breaches that happened recently, their impact, and the cost of data breaches for companies. The COVID-19 pandemic has not only had an impact on the mental and physical health of employees, but on the digital health of organizations around the world.


Common types of cybersecurity attacks (includes threats & attack vectors)

The cyber threat landscape evolves every day following the most basic to more advanced types of cyber attacks that makes daily headlines. It is due to data breaches, causing reputational, financial losses and regulatory penalties. Our aim with this article is to update the reader on various types and categories of cyber attacks that help them make informed decisions about their business to identify what is important and how it should be protected.


SQL injection cheat sheet: 8 best practices to prevent SQL injection attacks

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when a user adds untrusted data to a database query. For instance, when filling in a web form. If SQL injection is possible, smart attackers can create user input to steal valuable data, bypass authentication, or corrupt the records in your database. There are different types of SQL injection attacks, but in general, they all have a similar cause.


SSRF Attack Examples and Mitigations

Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.


Hacking medical devices: Five ways to inoculate yourself from attacks

Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to. It’s vital that healthcare companies follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to—especially during a pandemic.


Stored XSS, explained: How to prevent stored XSS in your app

Web applications are one of the most targeted assets these days because they’re both open to the internet and have a larger attack surface. Attackers find various ways to hack web applications. And among all of those techniques, some make it to the OWASP Top Ten list of security risks. Cross-site scripting (XSS) has been one of the consistent toppers of this list, and in this post, we’ll discuss in detail one variant of cross-site scripting—stored XSS.


HAFNIUM: Protecting Your Exchange Server from Data Exfiltration

In early March, Microsoft reported a large, coordinated attack that exploited critical vulnerabilities in Exchange Server 2010, 2013, 2016 and 2019 in an attempt to exfiltrate credentials and other sensitive information from organizations’ mailboxes. Microsoft attributed this attack to a sophisticated Chinese group code-named HAFNIUM. The first detected attempts date back to January 2021.


64 times worse than ransomware? FBI statistics underline the horrific cost of business email compromise

The FBI is reminding organisations of the serious threat posed by business email compromise (BEC) scams, declaring that it caused over $1.8 billion worth of losses to businesses last year. The newly-published annual cybercrime report from the FBI’s Internet Crime Complaint Center (IC3) reveals that it had received a record number of complaints and claims of financial loss – with internet crime causing more than $4 billion in losses.