When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while expired and forgotten subdomains can easily become an entrypoint for an attacker to steal sensitive data, a robust attack surface management programme in place can keep them at bay.

The underrated threat of domain takeover and hacking a firm’s internal and external attack surface can enable malicious actors to circumvent many advanced website protection mechanisms. However, Detectify Crowdsource hacker Jasmin Landry says that deploying an external attack surface management (EASM) system can help beef up your security before a malicious hacker wreaks havoc on your company. A common aphorism in cybersecurity is that there’s no such thing as perfect security.

Low-code development platforms open the way for greater independence and efficiency for business users. Unfortunately, they sometimes also open the way for attackers, as a result of poor low-code security practices, especially as low-code application security tries to catch up with traditional application security. Last year, Microsoft’s Detection and Response Team (DART) published the timeline of an attack which leveraged Power Platform, Microsoft's low-code platform.

Learn about the methods cybercriminals use to exploit passive and active attack vectors so you can better protect your business or organization from cyberattacks. Cybercriminals will use any means they can to penetrate your corporate IT assets and exploit any vulnerabilities they find. Your ability to predict and prepare for these incidents could mean the difference between preventing a data breach and recovering from one.

Read how our red team used different attack techniques to hack AppLocker restrictions by implementing escalated privileges and reusing the Credentials Manager to extract stored data and Azure information.

When we asked the security community who is their hacker hero, it was unsurprising to see that Eva Galperin, Director of Cybersecurity at EFF and co-founder of the Coalition Against Stalkerware was a finalist on the list. Galperin is a hacktivist known for her rage tweets that help her fight the good fight to protect vulnerable groups being targeted. Most known for her work to track down APTs, she also champions personal privacy and taking down stalkerware. Oh and she’s done a TED talk.

When presented with an opportunity, people who never even planned to attack your organization may turn into a severe cybersecurity threat. Forget to block a dismissed employee from accessing your system and they may steal or alter your critical data. Grant a third-party contractor excessive access to your infrastructure and they may cause a serious data breach. That’s why it’s crucial to make sure you don’t give insiders an opportunity to turn malicious.

Detectify collaborates with Crowdsource, our private network of ethical hackers to help our customers access the latest critical security research and secure their web apps. With a hot hack summer, we saw a lot of devastating breaches which casted a negative view onto hackers as criminals. At Detectify, we believe that hackers are our allies.