Introduction F5 Labs attack series articles help you understand common attacks, how they work, and how to guard against them. What Is Cross-Site Scripting? Cross-site scripting, commonly referred to as XSS, is one of many types of insertion attacks that affect web-based applications and, by extension, their users. It occurs when a vulnerability in an…
Read More
Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution. Update March 7: The blog has been updated to include information in-the-wild exploitation of CVE-2024-27198. View Change Log Background On March 4, JetBrains published a blog post regarding two security issues affecting TeamCity…
Read More
The importance of fostering a cybersecurity culture within organizations cannot be overstated. While technical security measures are crucial, employee behaviour plays a significant role in cyber defense. Leadership commitment is paramount, and executives should set the tone by actively promoting cybersecurity awareness. Tailored security awareness programs, engaging both employees and executives, are essential for keeping…
Read MoreEvery day, we hear about the new “innovative” ways that hackers use to infiltrate devices to inject ransomware or steal invaluable date. But hackers are also using data manipulation to make subtle modifications to data sets, which is particularly insidious and could potentially have a greater crippling effect on organizations than a data breach. As…
Read MoreCyberattack Incidents at Financial Services Companies Like payment processors, financial services companies are private companies that serve the financial sector by providing data processing for banks, credit unions, and other financial institutions. They can perform loan analyses, credit ratings, check printing, data storage, or analytics. Basically, they provide any outsourced service except payment processing (the…
Read MoreApply appropriate updates provided by WordPress to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.2:…
Read More
Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities. Microsoft patched 59 CVEs in its March 2024 Patch Tuesday release, with 2 rated critical and 57 rated as important. Elevation of privilege (EoP) vulnerabilities accounted for 40.7% of the vulnerabilities patched this month, followed by Remote…
Read MoreThe sector with the largest single attack in 2021, however, was ISP/Hosting, which saw attacks peak at 1.4 Tbps. Where DDoS Attacks Come From Denial-of-service attacks are most frequently launched from compromised servers or consumer devices, such as Internet-of-Thing (IoT) products and broadband routers. In producing this report, we made use of data not only…
Read MoreAre cybersecurity budgets increasing or decreasing? In December 2019, experts were predicting 2020 would see a modest 8.7% growth in cybersecurity spending. With the ongoing COVID-19 pandemic, it comes as no surprise that security budgets instead are being slashed, prompting Gartner to revise its estimate to 2.4% growth in spending. Are they right? Let’s look…
Read MoreAttackers are always on the lookout to compromise digital identities. A successful account takeover allows a cybercriminal to impersonate a genuine user for monetization purposes. Enterprises large and small have utilized various means to secure someone’s digital identity, and credentials are the starting point. F5 Labs 2021 Credential Stuffing Report indicates that 1.8 billion credential…
Read More