In Basic Web Application Attacks (BWAA), we are largely focusing on attacks that directly target an organization’s most exposed infrastructure, such as Web servers. These incidents leverage one or the other of two entry points, the Use of stolen credentials or Exploiting a vulnerability. Attacks within this pattern are split between two areas. The means […]
Basic Web Application Attacks Read More »
That’s how Verizon’s report named this ever-growing type of attack. That trend has continued with an almost 13% increase this year (an increase as large as the last five years combined). Keeping in mind that while insidious, Ransomware alone is simply a model of monetization of a compromised organization’s access that has become quite popular.
A Few Words About Rampant Rampaging Ransomware Read More »
Patterns are essentially clusters of similar incidents. You can see there are eight patterns in this year’s Verizon report. Basic Web Application Attacks These attacks are against a Web application, and after initial compromise, they do not have a large number of additional Actions. It is the “get in, get the data and get out”
Web Application Pattern in Cybersecurity Incidents Still Growing Read More »
Assets are the things that you try to preserve. You can also find what was hacked via an exploit, and who was socially engineered by an attacker. This should help you understand what is being targeted and how to prioritize what type of coverage your infrastructure needs. Check out the specific types of servers on
Web Applications Are the Most Targeted Resources in Hacks Read More »
Do most breaches still occur through web applications? Let see how the security incident or breach played out last year. Actions that lead up to the breaches are stratified in Verizon’s 2022 Data Breach Report by the type of action and vector where the action was used to hack a system.
Are Applications Still The Most Popular Way to Hack Read More »
External Attacks Are Still More Likely Than Internal 2022 Verizon’s annual Data Breach Information Report (DBIR) findings indicate that data compromises are considerably more likely to result from external attacks than from any other source. Nearly three out of four cases came from outside the victim organization. Business partners were involved in 39 percent of
External Attacks Are Still More Likely Than Internal Read More »
I came across many cases of bad practices involving outsourced development teams recently. They vary from lack of skills to outright fraud. Damages ranged from a few thousand dollars wasted on misunderstood business requirements to millions of dollars siphoned through fake organizations. . The geography of “bad” developers often includes India, Eastern Europe and increasingly
Avoid Bad Developers Read More »
Cyber Security News: Phishing Attacks for Initial Access Surged 54% in Q1 MITRE Creates Framework for Supply Chain Security The Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning about active exploits against unpatched F5 Network’s BIG-IP systems. Microsoft Security Intelligence this week tweeted a warning about an attack campaign targeting SQL servers and using a new
Bad Cyber Security News Read More »
Survive Amazon As Amazon increases in popularity and begins to offer greater discounts to its customers, more and more people are starting to shop online instead of at local stores and supermarkets. If you own or operate one of these brick-and-mortar establishments, how can you survive in the age of Amazon? While reducing your profit
What is “Cloud”? A short series of slideshows explaining what the cloud service is on the most basic level. What is Cloud Service in essence? How can we put it in simpler terms? That’s explained in the first slideshow. https://romanconsulting.io/wp-content/uploads/2022/04/cloud1.mp4 Obviously cloud services must be very useful if a lot of companies move their on
