Blog
-
Credential Stuffing Campaign: 1.1 Million Compromised Accounts Uncovered by NY AG, Over a Dozen Companies Targeted
Credential stuffing has grown year-over-year, particularly during the Covid-19 pandemic. Every new data breach that leaks compromised accounts to the dark web provides these campaigns with that much more fuel.
-
The Full Costs of Log4J Could Include Legal Action, FTC Fines
What exactly does the FTC expect companies to do to steer clear of legal action? Thus far it has not laid out specific requirements, but has called for “reasonable steps” to include following the CISA published guidance on Log4J.
-
$24 Billion in MATIC Coins Saved With Timely Patch of Critical Vulnerability
A critical vulnerability in the Polygon network that could have been exploited to compromise all MATIC coins was thwarted by two ethical hackers and a timely patch, saving some $24 billion.
-
US, UK Intelligence Officials Believe Conflict Between Russia and Ukraine Will Play Out via Cyber Attacks
Russian troops on the border of Ukraine have prompted fears of armed conflict, but intelligence experts believe that hostilities may be limited to cyber attacks as Russia pursues its ongoing strategy of undermining the Ukrainian government.
-
Threat Actors From Russia and Iran Obtained Voter Data To Conduct Election Interference; Some Americans Are Receiving Intimidating Spoofed Emails
Director of National Intelligence John Ratcliffe has issued a statement that Iranian and Russian actors have US voter data and are using it to engage in election interference.
-
Hidden Cyber War Between Israel and Iran Spills Into Public View With Attacks on Physical Infrastructure
Israel and Iran may be in a hidden cyber war with both countries attacking each other’s critical infrastructure, causing physical disruptions to the civilian population.
-
State-Sponsored Hackers Have Been Pushing Spyware Through Authorized Google Play Downloads for Years
A campaign run by a group of state-sponsored hackers appears to have been passing data-siphoning spyware through approved apps in the Google Play Store for years.
-
New Study Reveals That Tens of Thousands of Android Apps Have Undocumented Backdoors
Nearly 10,000 Android apps were found to have a variety of undocumented backdoor abilities, such as remotely resetting user passwords and blocking users from loading certain types of content.
-
The Romance of Bug Bounties
Beyond the challenges around risk and uncertainty, can bug bounties really deliver on their promise? Even as crowdsourced security testing continues to gain acceptance, what’s important is designing the right model to increase efficiency and avoid diminishing marginal returns.









