Credential stuffing is a cyberattack method where attackers use lists of compromised user credentials to breach into a system. These credentials, often obtained from previous data breaches and available on various dark web forums, include combinations of usernames, email addresses, and passwords.

Mobile Security Framework (MobSF), launched by OWASP in 2015, is a partially automated, open-source, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. MobSF is one of the most widely used security applications where the testing framework - a simple, flexible, and incredibly powerful tool has quickly become the lingua franca of security. The flexibility and accessibility of the tool are helpful but also dangerous.

Sugarlocker Summary On February 23, 2022, the operator linked to the SugarLocker ransomware, utilizing the pseudonym "gustavedore," was conspicuously seeking new partnerships on the Dark Web. SugarLocker operates through a highly flexible Ransomware-as-a-Service (RaaS) framework, facilitating extensive customization for its users in the clandestine corners of the Dark Web.

As backend developers, we are tasked with the crucial role of ensuring the security of our applications. Node.js is not exempt from this responsibility and its growing popularity makes it a lucrative target for hackers, making it imperative to follow best security practices when working with Node.js. In this blog post, we will be exploring some essential Node.js security code snippets every backend developer should know in 2024.

1Password doesn’t just keep your personal and work-related data safe. It also helps you keep them separate – and your company’s 1Password Business accounts include free 1Password Families memberships for all team members.

As a Chief Information Security Officer (CISO), you have the enormous responsibility to safeguard your organization’s data. If you’re like most CISOs, your worst fear is receiving a phone call in the middle of the night from one of your information security team members informing you that the company’s data is being sold on popular hacking forums.

Insecure software is significantly impacting our world. In a recent statement, CISA Director Jen Easterly declared: “Features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion. That has to stop... We are at a critical juncture for our national security.”

Cyberthreat analysis is the process of identifying, assessing, and understanding potential threats to an organisation's information systems and network. It involves defining the scope of the analysis, implementing relevant policies and procedures, and gathering data to assess and mitigate potential risks.

Ethical hacking and penetration testing are both essential components of cybersecurity testing, but they differ in their objectives and methodologies. Ethical hacking, also known as white-hat hacking, involves simulating the actions of a malicious hacker to identify vulnerabilities within an organisation's systems and networks. The primary objective of ethical hacking is to proactively identify and address potential security weaknesses before they can be exploited by unauthorised individuals.

In the ever-evolving tech landscape, companies face myriad challenges in scaling, security, and compliance. MonkeyFit's journey, as detailed in a comprehensive case study, demonstrates the power of strategic solutions in overcoming such hurdles.

In our ongoing series of articles on the Payment Card Industry Data Security Standard (PCI DSS), we’ve been examining each requirement in detail. Today, we turn our attention to Requirement 8: Identify Users and Authenticate Access to System Components. This requirement is built on two fundamental principles User identification and authentication,1) identifying individuals or processes on a system and 2) verifying their authenticity.

Following the boat-rocking acquisition acquisition of VMware by Broadcom at the end of 2023, uncertainty and skepticism has been looming among VMware customers as the changes were fast and drastic, impacting everyone in one way or another. While VMware still remains the virtualization leader and isn’t going anywhere (especially for large customers), a number of smaller organizations have been poking around to find whether realistic alternatives exist.