The Fundamentals of Cloud Security Stress Testing

May 8, 2024 at 07:06AM
John Lambert from Microsoft defines the different mindsets of defenders and attackers in IT systems. Defenders focus on listing and eliminating security gaps, while attackers aim to breach by targeting the weakest link. Embracing the attacker’s perspective through penetration testing is crucial, especially in cloud environments. The article also highlights …

How to make your web apps resistant to social engineering

April 16, 2024 at 10:28AM
Social engineering poses a significant threat to organizations, with up to 98% of cyber-attacks involving some form of social engineering. Protecting digital assets, including web applications, is crucial. Strategies to mitigate social engineering risks include end user training, least privilege access, multi-factor authentication, security audits, and incident response plans. Additionally, …

Attack Surface Management vs. Vulnerability Management

April 3, 2024 at 07:51AM
Attack surface management (ASM) and vulnerability management (VM) are often confused but differ in scope. VM uses automated tools to identify and prioritize security issues on known assets, while ASM focuses on detecting all digital assets and minimizing exposure to prevent exploitation. Used together, they create a more comprehensive cybersecurity …

Airbus to Buy German Cybersecurity Firm Infodas

March 26, 2024 at 12:48PM
Airbus Defence and Space acquires Germany-based cybersecurity firm Infodas to strengthen its cybersecurity portfolio. Infodas provides Secure Domain Transition (SDoT) security gateway appliances and other IT solutions, serving companies and government organizations. The deal’s financial terms have not been disclosed, and it is expected to be finalized by the end …

Kali Linux 2024.1 released with 4 new tools, UI refresh

February 28, 2024 at 02:51PM
Kali Linux 2024.1 has been released with new tools, desktop changes, and a theme refresh. Four new tools include blue-hydra, opentaxii, readpe, and snort, while visual updates and two new wallpapers enhance user experience. The release also features desktop improvements and an upgrade to kernel version 6.6. Existing users can upgrade, …

Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows

February 26, 2024 at 04:05PM
Hack The Box has introduced the Hack The Box Certified Web Exploitation Expert (HTB CWEE) certification to address the increasing cyber threats and diverse web environment. The rigorous hands-on certification assesses candidates’ ability to identify elusive web vulnerabilities and enhances their skills in web security and penetration testing. Haris Pylarinos, …

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

February 22, 2024 at 05:51AM
SSH-Snake, a network mapping tool, has been repurposed by threat actors to conduct malicious activities. The self-replicating worm leverages SSH credentials to spread throughout the network and harvest credentials and IP addresses. It has been observed in real-world attacks, highlighting the importance of comprehensive security measures. Additionally, a new botnet …

Crime gang targeted jobseekers across Asia, looted two million email addresses

February 8, 2024 at 11:08PM
Singapore-based cyber security firm Group-IB uncovered a group, dubbed “ResumeLooters,” operating across Asia, stealing sensitive data using SQL injection and XSS attacks. The victims were mainly job search websites and e-commerce companies in Asia, with evidence showing the attacks beginning as early as January 2023. The attackers attempted to gain …

Tor Code Audit Finds 17 Vulnerabilities

January 31, 2024 at 12:36PM
A recent code security audit of the Tor network by Radically Open Security revealed 17 vulnerabilities, including a high-risk CSRF bug in the Onion Bandwidth Scanner. The issues can lead to DoS attacks, security bypass, and unauthorized access. This audit followed another by Cure53 that focused on user interface changes …

Dubai Cyber Force Names First Accredited Companies

January 31, 2024 at 11:00AM
Eight companies, including Crowe Indonesia Teknologi and Grant Thornton Consulting CJSC, have attained accreditation as cybersecurity service providers for Dubai’s “Cyber Force” initiative. The initiative, in collaboration with CREST and Dubai’s Electronic Security Center, aims to enhance cybersecurity measures and make Dubai the safest city in the digital space. Initially, …