ContainerDrip - Another Example of Why HTTP Basic Authentication is Flawed

The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157)and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery. Your client unintentionally makes an HTTP API request to the attacker’s endpoint where this request contains the container image registry secret.


What is SQL injection?

An SQL injection (also known as SQLi) is a technique for the “injection” of SQL commands by attackers to access and manipulate databases. Using SQL code via user input that a web application (eg, web form) sends to its database server, attackers can gain access to information, which could include sensitive data or personal customer information. SQL injection is a common issue with database-driven websites.


4 Most Common Types of Cybersecurity Threats

There’s every indication that the pandemic is changing the nature of cybersecurity. Online threats are evolving to match our new remote-work paradigm, with 91% of businesses reporting an increase in cyberattacks during the coronavirus outbreak. Hackers are getting more and more sophisticated and targeted in their attacks. Many of these cyber threats have been around for a while, but they are becoming harder for the average user to detect.


How are scalping bots threatening your businesses?

Scalper bots, or inventory hoarding bots, are used to disrupt, manipulate, and steal merchandise much faster than any human can. These malicious bots add products to carts, often products that are in high demand or limited supply. This stock is held in a basket and made unavailable to other prospective buyers. Scalper bots perform this process multiple times, causing significant problems for websites and retailers, by hijacking inventory and reselling the items at a higher price.

The Future of Cyber Security Manchester: What Are Bot Attacks?

Netacea's General Manager, Nick Baglin, talking about a new approach to bots and account takeover at The Future of Cyber Security Manchester 2019. This presentation will reveal the true extent of the bot problem and what you can do to solve it using behavioural machine learning that identifies even the most sophisticated bots.

When robots strike: The hidden dangers of business logic attacks

When organisations consider how to protect their web applications from attacks, they often focus on security scans and pen tests to identify technical security flaws. While this is absolutely correct, there is another risk that often remains undetected until it is too late: business logic attacks.

FabFit - Not So Fun for Customers with Stolen Payment Data

Our sources state that there has been a 20% increase in web-skimming attacks since the outbreak of the COVID-19 virus. Recently, we have witnessed some high-profile Magecart attacks. The latest Magecart attacks include; American Payroll Association, music giant – Warner Music Group, and lifestyle subscription brand – FabFitFun.


Understanding how attackers move inside your organization

Cyberthreats have been coming at us from the left, right, and center. The number of cyberattacks is forever on the rise, and companies need to keep ramping up their security measures to protect themselves. It’s important that these measures cover every aspect of a network environment. To understand why monitoring your whole environment is so important, let’s take a look at what an attacker might do once they get inside your organization.


Don't Let Cyberattacks Derail Your Digital Transformation Journey

Many organizations across the U.K. are tackling the three main factors behind digital transformation: cloud technology, IoT, and employee mobility. However, one downside to increased digitization is how this opens an organization up to the potential for more cyberattacks, which isn’t too surprising when you consider an expanded digital presence equates to an expanded attack surface.