Understanding Credential Stuffing Attacks
The firehose of security incidents – data breaches, ransomware, and supply chain attacks – often obscures the methods that attackers use to create these incidents. One of the most common is credential stuffing, which is a type of authentication-related attack that leads to account takeovers (ATO) and ultimately theft or ...
Blue Screened: Microsoft Windows Computers Crashed by Automated CrowdStrike Update
What happened? Today, a significant global IT outage is broadly affecting diverse industries including aviation, banking, medical, technology, retail, and media due to a faulty content update published by security vendor CrowdStrike. Worldwide, thousands of computers running Microsoft Windows and CrowdStrike’s Falcon security software now show the Blue Screen of ...
What Are iframe Injection Attacks and How Do They Work?
Imagine your financial institution sends you an email that says you need to check something related to your account, and the email contains a handy link to help you resolve the issue. You click on the link and the bank site loads; you log in with your credentials and notice nothing ...
Authoring Automated Attacks with ChatGPT (or any Generative AI)
Basic API Interrogation. During my time here at Cequence, I have been impressed with the attackers we face. Often, they have almost nothing to go on and must figure out how each piece of their attack is going to work. Sometimes it is finding an odd endpoint and trying things ...
Hacker in Residence, on Black Hat USA 2023
Attending many of the HackerSummerCamp activities involves attending a bunch of small meetups and social gatherings. Much of my peer group has become leadership within the organizations where they work, and often we discuss hard problems to solve. Some of my most memorable this year involved ChatGPT, Building Security Champions ...
Insights from a Leading API Security Vendor: Understanding the Joint Cybersecurity Advisory on IDOR Vulnerabilities by ACSC, CISA, and NSA
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released a joint Cybersecurity Advisory on July 27, 2023, to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference ...