
We would like to keep you informed

We regularly publish items here about the latest cyber and cloud security developments and new cyber threats. Via the pop-up window you can sign up for an email alert as soon as a new blog post appears. Naturally, all information provided falls under our privacy policy, which can be found elsewhere on this site.

How is web skimming carried out?

Web skimming attacks are essentially software supply chain attacks that can reach hundreds or thousands of websites by way of the exploited third-party web application.

Because third-party HTML/JavaScript code is delivered to the website from an entirely separate repository that the website owner does not control (and cannot possibly inspect directly), hackers target these same third-party web servers. This gives the attacker unauthorized access to all third-party libraries. It is then a matter of injecting the skimming code into one of the existing JavaScript files and hiding it.

What is web skimming?

Before we go into the details of tackling web skimming threats, it is important to know what they actually are. Web skimming is a hacking technique in which the attacker breaches the payment or checkout page of websites by injecting a malicious script or malware through the third-party apps used by the website. Credit card data and personal data are collected, often unnoticed.

Everything you need to know about web skimming attacks

Web skimming, also known as digital skimming, is a hacking technique that targets digital businesses by manipulating unvetted and compromised web applications on the browser side. These attacks are usually initiated by strategically placing malicious JavaScript (JS) code on the website's payment and checkout pages, where unsuspecting users enter their personal and financial details.

What is a Watering Hole attack and how to prevent them

A Watering Hole attack is a method in which the attacker seeks to compromise a specific group of end users, either by creating new sites that would attract them or by infecting existing websites that members of that group are known to visit. The attacks have been adopted by criminals, APT groups and nation states alike, and we see their numbers rising. The goal is to swipe username and password combinations in the hope that the victim reuses them, or to infect a victim's computer and gain access to the network within the victim's place of employment. Many conclude that these attacks are an alternative to Spear Phishing, but they are quite different. Watering Hole attacks are still targeted attacks, but they cast a wider net and trap more victims than the attacker’s original objective.

Third Party Risk Assessment Fatigue - Why should you care?

It's no secret that companies are increasingly relying on third parties for the products and services that they use in their operations. As a result, companies often have to share confidential information with these third parties and vendors.

This makes third-party risk assessment crucial for any business. In other words, it should be one of its top priorities. It's simple: when companies share their confidential information with third parties, they open themselves to the risk of data breaches and a variety of other cyber security risks.

Assessment fatigue is a term that originates from the medical world. It describes the false symptoms someone may show when they’re exposed to too much diagnostic testing. In other words, a patient may experience symptoms of a disease if they’re constantly tested for it, even though they don't have the disease.

Supercharging your AppSec testing automation with NexDAST

For many organizations, the automation of thorough security testing is yet another challenge. During this interactive webinar, we show you how you can boost your DevOps and CI/CD process with AppSec automation. Would you like to know what the latest generation of Dynamic Application Security Testing improves for you?

How do WordPress sites get hacked?

WordPress has many advantages and is, not without reason, the most popular way to build a website, with 60% of pages on the web based on it. Unfortunately, it is this popularity that makes WordPress a juicy target for malicious users. Every year hundreds of thousands of WordPress and ecommerce sites get hacked.

So, is WordPress secure?

Attackers don’t get in thanks to security flaws in WordPress’s latest core software. Rather, most hacks can be easily prevented by taking simple steps like keeping things updated and securing passwords.

Boosting Red and Blue Team Effectiveness with Cyber Attack Simulation

One of cyber security professionals' biggest fears is not knowing what they don't know. Even with the most comprehensive security controls and processes in place, it's difficult to know if they're working as expected. That's why many organizations are using blue team and red team exercises for security control validation.

The Key Threats and Risks That Third-Parties Create to Websites

Third-party apps on websites present potential threats and risks that may affect the security and privacy posture of your website. For your customers, your website is the front end of your organization.

In today’s digitally connected world, websites play a major part in almost every company’s success, and yours is no different. Websites often integrate third-party tools to make themselves more dynamic and interactive, and to offer smooth connectivity to their customers.
