This blog post aims to provide an overview of the state of cyber security in universities and other higher education organisations. Security has been a challenge for a long time at schools, colleges and universities. Aligning ourselves with the glass-half-full attitude, these organisations and institutions have shown good progress with basic security controls. Information security is a prerequisite for various business dealings in the public sector, grant funding and procurement processes.

Although offensive and defensive controls work towards the same goal, how do you ensure red and blue teamwork follow a collaborative approach? The answer is purple teaming. There is a gap between the red team and blue team capabilities in multiple ways i.e. approach, methodology, tool-sets and timelines. Both teams must work collaboratively and constantly to maximise their company’s investment towards ongoing defensive improvements.

There is a common tendency that the typical DAST scanner finds the easiest to locate known security vulnerabilities. If you need to find vulnerabilities that are more difficult to detect – you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set themselves up to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.

Recent years have seen a sharp increase in the number of reported security vulnerabilities, along with quite a few notorious attacks on enterprise applications. Organizations have reacted by increasing their investment in AppSec and DevSecOps, including the widespread adoption of AST (application security testing) tools.

The saying “Good people, great nation” truly captures the essence of Nigeria- also known as the land of hope and opportunity. It is a nation that promotes healthy business growth with vibrant people with friendly energy expressed through diverse creative expressions. The development of the fintech industry in the past few years has been a shining star in the Nigerian economy, with the potential to shine brighter—even through the hurdles posed by the ongoing COVID-19 crisis.

In this pandemic-defined era of rapid retail transformation, the digital shopping experience has become tantamount to the success of the business. As a result, retailers have redoubled their efforts to improve digital applications and services.

Hancitor (AKA CHanitor, Tordal) is a popular macro-based malware distributed via malicious Office documents delivered through malspam. In the latest campaigns, particularly active between October and December 2020, the malware has been distributed via DocuSign-themed emails asking the victims to review and sign a document. The fake DocuSign link downloads a Microsoft Word document whose malicious macro, once enabled, installs the Hancitor malware.

Every cloud has its own identity and access management system. AWS and Google use a bunch of JSON files specifying various rules. Open source projects like Kubernetes support three concurrent access control models - attribute-based, role-based and a webhook access control, all expressed using YAML. Some teams are going as far as inventing their own programming language to solve this evergreen problem.