Detectify Crowdsource hacker, Alyssa Herrera, is a full-time bug bounty hacker and web application security researcher who works to protect organizations. She was one of several Crowdsource hackers to submit a working proof of concept for File Disclosure in Pulse Secure Connect (CVE-2019-11510). This guest blog post will walk through how she developed an exploitable-payload for this vulnerability.

Serverless computing is becoming more popular as organizations look for new ways to deploy their applications in the cloud. With higher levels of abstraction, easier maintenance, a focus on high performance, and ephemeral workloads, serverless computing solutions like Lambda are finding a permanent place in the mix of cloud infrastructure options.

Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems. Domain name hijacking is devastating to the original domain name owner's business with wide ranging effects.

The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity. Fortunately, users can stay alert of such activity by familiarizing themselves with the most common types of LinkedIn scams. Here are five ruses, in particular, that should be on their radar.

Security Operations Centers (SOCs) are the nerve centers of enterprise cybersecurity programs. They should serve a critical function by helping businesses improve their security posture by monitoring, detecting, and analyzing potential cyber threats. But for a number of reasons, today’s SOCs are not doing this effectively.

Cybercrime is global, but the response isn’t. Governments in the west are slowly waking up to the importance of cybersecurity, and are (equally slowly) helping businesses to safeguard data and home users to protect their homes from cyberattack. Look outside Europe and the US, though, and the picture is radically different. African countries, in particular, are underprepared for the impact of cyberattacks, and lack the governmental expertise to deal with them.

Security researchers at Palo Alto Networks have discovered a new malware threat that targets Macs in what appears to be a sophisticated attempt to raid cryptocurrency wallets. The malware, which researchers have dubbed CookieMiner, has a variety of weapons in its armory that could make it particularly worrisome for cryptocurrency investors.

It is crucial to invest in cyber security due to state of cybersecurity today. Before making any decisions concerning the security posture of your business, you must consider the Return on Security Investment. In this article, we took a closer look at what ROSI is and how it is calculated.

One of the greatest challenges customers face when onboarding in the cloud is how to control and protect their assets while letting their users deploy resources securely. In this series of four articles, we’ll show you how to start implementing your security policies at scale on Google Cloud Platform (GCP). The goal is to write your security policies as code once and for all, and to apply them both before and after you deploy resources in your GCP environment.

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web Services (AWS).