6 Types of Applications Security Testing You Must Know About

July 25, 2024 at 07:31AM The text discusses various application security testing methods essential for securing applications and understanding the differences between these methods and penetration testing. It details six different types of testing methods – Pentesting, DAST, SAST, IAST, Fuzz Testing for APIs, and APSM, providing benefits and distinctions for each. The integration of …

Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster

May 3, 2024 at 07:27AM Horizon3.ai has introduced a Rapid Response service to their NodeZero SaaS-based penetration testing platform, using a combination of autonomous AI and human expertise. This service aims to quickly identify and address critical vulnerabilities, staying ahead of potential attackers. Leveraging AI’s speed and human reasoning, the platform creates safe exploits and …

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

April 29, 2024 at 07:48AM Today’s cyber threats are becoming increasingly complex, requiring better and more consolidated approaches. Exposure Management offers a comprehensive method to identify, evaluate, and address security weaknesses across an organization’s digital footprint. Contrasting it with other common approaches such as Penetration Testing, Red Teaming, Breach and Attack Simulation tools, and Risk-Based …

Pentera’s 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

April 22, 2024 at 08:00AM A 2024 survey by Pentera revealed staggering results: 51% of organizations experienced a cyberattack in the past two years, despite investing in an average of 53 security solutions. Breaches led to significant damage, prompting heightened board involvement. The survey also highlighted the need for more frequent and continuous security testing …

The Golden Age of Automated Penetration Testing is Here

March 29, 2024 at 08:03AM Automated network penetration testing is a game-changer in cybersecurity, making it affordable and efficient for companies to assess their network security regularly. Benefits include finding and fixing vulnerabilities, catching what other tools miss, improving security operations, avoiding downtime and financial losses, complying with regulations, understanding attackers’ tactics, testing incident response …

How Pentesting-as-a-Service can Reduce Overall Security Costs

March 28, 2024 at 11:47AM Traditional penetration testing, while important, can lead to hidden costs and inefficiencies. Penetration Testing as a Service (PTaaS) offers continuous monitoring, real-time testing, and enhanced collaboration. It provides more significant ROI and reduces the total costs of security. Outpost24’s PTaaS solution is a robust alternative to traditional pen testing, better …

Pen test vendor rotation: do you need to change annually?

March 13, 2024 at 12:45PM Annual pen test vendor rotation seeks to maintain a fresh perspective on security. While it can uncover missed vulnerabilities and foster healthy competition, drawbacks include lack of consistency and high resource consumption. Penetration Testing as a Service (PTaaS) offers a sustainable alternative, providing continuous monitoring and insights while streamlining vendor …

Meta Patches Facebook Account Takeover Vulnerability

February 29, 2024 at 09:27AM Meta recently patched a critical vulnerability affecting the Facebook password reset process, as reported by cybersecurity researcher Samip Aryal. The flaw allowed an attacker to exploit a two-hour window to brute-force a unique six-digit code and gain control of an account. Meta’s bug bounty program recognized Aryal’s contribution, but the …

‘ResumeLooters’ Attackers Steal Millions of Career Records

February 6, 2024 at 01:41PM Attackers dubbed “ResumeLooters” used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites, stealing databases with over 2 million emails and personal records in a month. They mainly targeted victims in Asia-Pacific, putting stolen data up for sale. Group-IB discovered the attacks, and have advised …

New ‘GambleForce’ Threat Actor Behind String of SQL Injection Attacks

December 14, 2023 at 05:20PM Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, …