Operations | Monitoring | ITSM | DevOps | Cloud

Cyberattacks

What you need to know about Process Ghosting, a new executable image tampering attack

Security teams defending Windows environments often rely on anti-malware products as a first line of defense against malicious executables. Microsoft provides security vendors with the ability to register callbacks that will be invoked upon the creation of processes on the system. Driver developers can call APIs such as PsSetCreateProcessNotifyRoutineEx to receive such events.

Threats targeting Kubernetes and Defences

Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

SolarWinds and the Secure Software Supply Chain

In early 2020, threat actors breached the build systems of Solarwinds and used this access to add malicious code into one of SolarWinds products. The product, called “Orion”, is very widely used and deployed by tens of thousands of companies, including many Fortune 500 companies.

Google Authenticator and Pandora FMS, defend yourself from cyberattacks

For a long time, the Internet has been an easily accessible place for most people around the world, full of information, fun, and in general, it is an almost indispensable tool for most companies, if not all, and very useful in many other areas, such as education, administration, etc. But, since evil is a latent quality in the human being, this useful tool has also become a double-edged sword.

Types of Cryptography Attacks

Cryptography is an essential act of hiding information in transit to ensure that only the receiver can view it. IT experts achieve this by encoding information before sending out and decoding it on the receiver's end. Using an algorithm, IT experts can encrypt information using either symmetric or asymmetric encryption. However, like any other computer system, attackers can launch attacks on cryptosystems.

Keep OSS supply chain attacks off the menu: Tidelift catalogs + JFrog serve known-good components

How does your organization keep track of all of the open source components being used to develop applications and ensure they are secure and properly maintained? Our recent survey data shows that the larger an organization gets, the less confident they are in in their open source management practices. In companies over 10,000 employees, 39% are not very or not at all confident their open source components are secure, up to date, and well maintained.

ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

When it comes to malware attacks, one of the more common techniques is “living off the land” (LOtL). Utilizing standard tools or features that already exist in the target environment allows these attacks to blend into the environment and avoid detection. While these techniques can appear normal in isolation, they start looking suspicious when observed in the parent-child context. This is where the ProblemChild framework can help.

Preventing SQL injection attacks with automated testing

SQL injection is one of the most destructive ways an application can be attacked. This kind of attack is targeted toward the application database, which can result in consequences that are irreversible, lead to loss of money, and reduce user trust in your company. There are far too many application data breaches happening every day, usually when a malicious agent attacks the database.

8 Utmost eCommerce Security Threats and Solutions of 2021

Last year, during the Magecart attacks saga, I was constantly flooded by calls from e-entrepreneurs – all sounding worried and anxious. The attacks were brazen, and the digital trust was taking a beating. After the initial shock waned, the entire conversation shifted gears. I still remember having long discussions with my clients about eCommerce security threats and their solutions. It now focused solely on building a reliable security system.