Latest News

Uber data breach 2022: How the hacker annoyed his way into the network (and our learnings)

On Sept. 15, Uber Technologies Inc. was breached by an 18-year-old. The hacker purchased an employee’s stolen credentials from the dark web and pushed a flood of multi-factor authentication (MFA) requests and fake IT messages to them in hopes of getting into their account. Irritated by the non-stop pop-ups, the employee caved in and approved the request, unwittingly setting off a cyberattack.

BSIMM13: Trends and recommendations to help improve your software security program

Understanding the latest BSIMM report trends can help you plan strategic improvements to your own security efforts. If you want good advice on how to improve your organization’s software security—and you should—you’ve come to the right place. What makes it even better is that it’s not coming only from us—it’s coming from your peers in your own industry sector.

Lookout Expands Partnership with Cloud Security Platform to deliver SSE to Verizon Business Customers

With nearly every organization going through rapid digital transformations, it has become critical that security teams are equipped to provide seamless access for their remote users while keeping sensitive data secure. This is why I’m thrilled that Verizon has launched the Lookout suite of cloud security solutions to deliver security service edge (SSE) and ensure that customers can seamlessly secure their data and apps in the cloud, on premises and on the internet.

5 Ways Identity Verification can help Airlines to ensure seamless operation and digital transformation

Digitalization is not a new term anymore, and it’s surely never going to fade away as it has etched its space in every sector. The optimistic business transformation it brought compelled almost everyone to incorporate digitalization processes into their business operation. Every industry realized that to proceed with the ongoing business profit and to compete in the market, they must adapt to the latest digital technology.

Explaining the csurf vulnerability: CSRF attacks on all versions

On September 11th, 2022, Snyk published a vulnerability report for the popular CSRF token management csurf npm package. The vulnerability impacts all known versions, which are currently yielding more than 400,000 downloads per week. The vulnerability report is based on the public disclosure by security consultant Adrian Tiron and their write-up on the Fortbridge blog.

Wireless Network Assessment or Wi-Fi Hacking

Wireless network technology is widely used, but at the same time it has many security weaknesses. Several reports have explained weaknesses in the Wired Equivalent Privacy (WEP) & Wi-Fi Protected Setup (WPS) to encrypt wireless data. Before understanding the benefits of Wireless Network Assessment, it is necessary to know what it is, why it is needed, how the service works and what you get from the service.

Penetration testing is in the eye of the beholder

"Beauty is in the eye of the beholder." A famous phrase known to all indicates that our perceptions influence our definitions. The same can be said about penetration testing. Often when clients approach us for what they believe to be a penetration test, their definition and needs do not necessarily meet the accepted approach of those within the security field.

Refund Fraud-as-a-Service: What it means for eCommerce businesses

eCommerce is a trillion-dollar industry. But as the popularity of online shopping grows, so does the risk of refund fraud, which now costs businesses more than $25 billion every year. Refunds are a standard cost of retail — especially in eCommerce. But online shopping makes it much more difficult for businesses to investigate and verify valid refund demands from customers. Some customers take advantage of these difficulties by committing refund fraud.

Looking back at Black Hat USA 2022

For the past few days, I’ve been getting a lot of messages asking about my experience at this year’s Black Hat USA. So in this post, I’ll be recapping the conference to give you an inside look at what was presented and provide some helpful perspective. Black Hat is one of the largest — and most talked about — cybersecurity conferences. Its inception dates back to 1997.