It’s well known that we just don’t put services or devices on the edge of the Internet without strong purpose justification. Services, whether maintained by end-users or administrators, have a ton of security challenges. Databases belong to a group that often needs direct access to the Internet - no doubt that security requirements are a priority here.

The typical process when scoping a penetration test is to get a list of targets from the client, which are typically a list of IP addresses and/or hostnames. But where does this information come from, and how accurate is it? Chances are the client has documentation that lists the devices they think they have, and what addresses or names they have been assigned. This documentation will form the basis of the scope when conducting testing or scanning against a target environment.

The security landscape is always changing. New features are coming out all the time, but often backward compatibility is maintained too. What this means is that while the new features may be present and active by default, it's possible for users to be completely unaware of them and continue using the legacy functionality.

Trustwave SpiderLabs recently undertook a survey of some 100 popular WordPress plugins for possible SQL Injection vulnerabilities. Some good news is that in the vast majority, no such vulnerabilities were identified. Most plugins were found to be using either prepared statements or suitable sanitization when incorporating user-controlled data in a query.

Secret-Chats in Telegram use end-to-end encryption, which is meant for people who are concerned about the security and privacy of their chat history. The messages can be read only by sender and receiver, and not even Telegram administrators have the encryption keys necessary to read any chats. From the Telegram FAQ.

Anyone who has ever read a vulnerability scan report will know that scanners often include a large number of findings they classify as "Info". Typically this is meant to convey general information about the target systems which does not pose any risk. Many people who read such reports will generally ignore all of the "Info" findings, and focus only on anything labeled "Critical" or "High". However, this can be dangerous for a number of reasons.

On, July 2nd, a massive ransomware attack was launched against roughly 60 managed services providers (MSPs) by criminals associated with the REvil ransomware-as-a-service (RaaS) group. The attack leveraged the on-premises servers deployed by IT Management Software vendor Kaseya. It was initially thought that Kaseya might have been compromised themselves as a root cause -- similar to the compromises associated with SolarWinds software in December of 2020.