Threat Research
How DataDome’s Anti-DDoS Mode Protected a Leading US News Website
A leading US news website recently faced a layer 7 DDoS attack. Learn how DataDome's anti-DDoS mode stopped the attack in its tracks, keeping the customer safe ...
Meet Silver SAML: Golden SAML in the Cloud
Key findings Golden SAML is a known attack technique discovered by CyberArk and published by Shaked Reiner. For years, Golden SAML has been known for its extraction of signing certificates... The post ...
Attackers leverage PyPI to sideload malicious DLLs
ReversingLabs researchers have observed a clear trend in which open-source platforms and code have become the stage for a growing and diverse range of malicious activity and campaigns. This trend includes hosting ...
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used ...
The Art of Bot Detection: How DataDome Uses Picasso for Device Class Fingerprinting
Learn how DataDome uses Picasso for device class fingerprinting, which can aid in detecting sophisticated bots lying about their environments ...
Malicious PDFs, deepfakes, and romance scams were just some of the 10 billion cyber attacks we saw last year
If you've been hoping that cyber attacks were on the decline, brace yourself for a reality check: 2023 was an unprecedented year in cyber threats. We witnessed more than 10 billion attacks ...
GitGot: GitHub leveraged by cybercriminals to store stolen data
ReversingLabs researchers have discovered two malicious packages on the npm open source package manager that leverages GitHub to store stolen Base64-encrypted SSH keys lifted from developer systems that installed the malicious npm ...
Python’s Poisoned Package: Another ‘Blank Grabber’ Malware in PyPI
Python Package Index (PyPI) is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform’s repository aimed ...
How to Defend Against a Pass the Ticket Attack: AD Security 101
Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems,... The post ...
CVE-2023-50164: A Critical Vulnerability in Apache Struts
On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. ...