Understanding Credential Stuffing Attacks

Category: bot management
The firehose of security incidents – data breaches, ransomware, and supply chain attacks – often obscures the methods that attackers use to create these incidents. One of the most common is credential stuffing, which is a type of authentication-related attack that leads to account takeovers (ATO) and ultimately theft or ... Read More

Blue Screened: Microsoft Windows Computers Crashed by Automated CrowdStrike Update

Categories: Uncategorized, current-events
What happened? Today, a significant global IT outage is broadly affecting diverse industries including aviation, banking, medical, technology, retail, and media due to a faulty content update published by security vendor CrowdStrike. Worldwide, thousands of computers running Microsoft Windows and CrowdStrike’s Falcon security software now show the Blue Screen of ... Read More

What Are iframe Injection Attacks and How Do They Work?

Category: API security
Imagine your financial institution sends you an email saying you need to check something related to your account, and the email contains a handy link to help you resolve the issue. You click the link, the bank site loads, you log in with your credentials, and you notice nothing ... Read More

Authoring Automated Attacks with ChatGPT (or any Generative AI)

Image: chatgpt-attack-automation (a code snippet)

Basic API Interrogation: During my time here at Cequence, I have been impressed with the attackers we face. Often, they have almost nothing to go on and must figure out how each piece of their attack is going to work. Sometimes it is finding an odd endpoint and trying things ... Read More

Hacker in Residence, on Black Hat USA 2023

Categories: About Cequence, API security
Attending many of the HackerSummerCamp activities involves attending a bunch of small meetups and social gatherings. Much of my peer group have become leadership within the organizations where they work and often, we discuss hard problems to solve. Some of my most memorable this year involved ChatGPT, Building Security Champions ... Read More


Insights from a Leading API Security Vendor: Understanding the Joint Cybersecurity Advisory on IDOR Vulnerabilities by ACSC, CISA, and NSA

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released a joint Cybersecurity Advisory on July 27, 2023, to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference ... Read More
