Breaking News

•••  All the important news on new attacks, and the solutions we can offer you  •••

12/02/2021

Web Application Attacks Grow Reliant on Automated Tools

Read the original article here
Cyber Defense

Cybercriminals targeting Web applications have grown more reliant on automated tools in their attacks, report Barracuda Networks researchers who analyzed two months of attack data. 

The top five threat types were dominated by attacks deployed using automated tools, they found. Fuzzing attacks (19.46%) were most prevalent, followed by injection attacks (12.07%), fake bots (12.02%), application distributed denial-of-service (9.29%), and blocked bots (1.2%). 

Automated attacks rely on bots to exploit vulnerabilities in Web applications, and there are two classes of attackers who use them. The larger amount of traffic comes from attackers who don't try to target a specific website but deploy automated attacks at scale. Another, smaller group uses automated tools to target e-commerce websites and other sites to generate a profit. 

These threats may take the form of fake bots posing as Google bots to avoid detection, or they could manifest as app DDoS attacks trying to crash a website by quietly overloading a Web app. Most attack traffic came from fuzzing, or reconnaissance, tools used to probe apps for bugs. 

Do you want to counter the attackers with state-of-the-art automated solutions? Cert2Connect offers various solutions that will enable your Blue team to think and work offensively!

See Cert2Connect purple team
02/02/2021

Unemployment data exposed via third-party software attack.

Read the original article here

The Washington state auditor's office today said names, Social Security numbers, banking information, and other personal data on residents filing unemployment claims were breached in the attack on the vendor, whose product is used by the auditor's office for transferring large files. The exposed data affects claimants who filed for unemployment benefits with the state between Jan. 1 and Dec. 10, 2020.

Meanwhile, an Accellion executive told The Seattle Times that the breached software was FTA, an older legacy package that the company has urged customers for years to abandon in favor of a next-generation product. Accellion's software was breached in December.

Discover how Checkmarx SCA would help you prevent this!
27/01/2021

Speed of Digital Transformation May Lead to Greater App Vulnerabilities

Read the original article here
Software Security

Digital transformation initiatives have become a common way for companies to make their businesses more agile and to adapt quickly to market changes. But faster software development speeds and the greater number of applications may be causing vulnerabilities to be more common, application-security experts said this week.

Industries such as manufacturing, IT, and retail each have a large share of companies whose applications are always vulnerable, according to the AppSec Stats Flash monthly report from WhiteHat Security. Seventy percent of applications at manufacturing companies, 56% of IT applications, and 56% of retail applications have at least one serious vulnerability affecting the software for the entire year, the report stated.

See the fast and automatic software security solutions that Cert2Connect has to offer