
Latest News

How to protect yourself from APTs to avoid incidents like the Microsoft Exchange case

APTs (Advanced Persistent Threats) have more serious consequences than conventional cyberattacks. The explanation lies in the fact that, on the one hand, the perpetrators invest much more time and effort (often backed by government organizations), and on the other, the victims are also higher-profile.

Hunting for Malicious PowerShell using Script Block Logging

The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.

Conducting Penetration Testing for Your Corporate Security

Understanding your organization’s cybersecurity posture is becoming more important every day. So how do you know how secure your IT infrastructure really is? One way to get a glimpse into your organization’s security is penetration testing: pretending (or hiring someone to pretend) to be a hacker, attempting to infiltrate your organization’s physical and cyber systems however possible.

NIST's New Draft for Ransomware Risk Management

Cyberattacks against businesses of all sizes are at all-time highs. Data from 2021 and projections for the future of cybersecurity suggest that the frequency and intensity of these attacks will only continue to grow. At the forefront of most cyberattacks in 2020 was ransomware, a type of malware attack in which attackers encrypt your organization’s data and demand payment in exchange for a decryption key to restore access.

Apple's Vulnerability

Apple has issued an emergency software update after a cyber-surveillance company created invasive spyware that could infect any iPhone, iPad, Apple Watch, or Mac computer. Toronto-based internet watchdog Citizen Lab said that NSO, an Israeli spyware company, developed the tool using a technique that could easily exploit Apple software.

Kubernetes network segmentation using native controls

Network segmentation is almost as old as computer networking. It evolved from switches to routers and firewalls, and as modern networks matured, the ability to control traffic through operating-system-native functionality evolved as well. Native controls like iptables became the lingua franca, alongside access control lists, process isolation, and more. Native controls are not a new concept.

Supply Chain Security Update: How Secure is Composer?

When it comes to PHP, Composer is without question THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported that shook the PHP community. Fortunately, it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: the Packagist servers.

Everything You Need to Know About the Apple Emergency Software Update

On Tuesday, September 14, Apple announced its latest generation of products along with the major release of iOS 15. Unfortunately, this coincided with an earlier announcement of an emergency software update due to a critical software vulnerability discovered in a series of Apple products. The vulnerability was identified by researchers at Citizen Lab, who found a flaw capable of allowing attackers to install invasive spyware on affected devices without any interaction from the owner.

Missing Critical Vulnerabilities Through Narrow Scoping

The typical process when scoping a penetration test is to get a list of targets from the client, typically IP addresses and/or hostnames. But where does this information come from, and how accurate is it? Chances are the client has documentation listing the devices they think they have and the addresses or names those devices have been assigned. This documentation will form the basis of the scope when conducting testing or scanning against a target environment.