Ruby is a well-defined and thought-out language and has been around since the mid-1990s. In 2004, Ruby incorporated RubyGems as its package manager. RubyGems is used to manage libraries and dependencies in a self-contained format known as a gem. The interface for RubyGems is a command line tool that integrates with the Ruby runtime and allows Gemfiles to be added or updated in a project. I looked at three Ruby platforms and found vulnerabilities that were surprising, even to me.

A recent study reveals that cybercrime costs the world economy more than $1 trillion, a more than 50 percent increase from 2018. Damage to companies also includes downtime, brand reputation, and reduced efficiency. Besides installing anti-malware software to protect against cyberattacks, however, there is other security software to consider. One option is a SIEM (Security Information and Event Management) solution.

To get a better understanding of how RDP works, think of a remote-controlled toy car. The user presses buttons on the controller and makes the car move forward or backwards. He can do all that and control the car without actually contacting it; the same is the case while using RDP. This article shall help you become aware of RDP security encompassing threats, vulnerabilities and encryption practices.

In the IT world authentication is a process that verifies or identifies if a user is actually who he claims to be. This protects systems, networks, devices or applications from unauthorised access or use as only legitimate authenticated users are allowed to access the resources. Usually, user authentication is achieved by submitting a valid username or user ID and its corresponding private information (e.g. a password).

It is commonly accepted that Data is the lifeblood of every business. Unless of course, your company still does bookkeeping with pen and paper? If not, the chances are that the day-to-day operations of your business cannot function without Data. Data lasts forever and is being used in ways we can’t even imagine - almost every device is a computer producing data these days.

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. Phishing attacks are starting to evolve from the old-school faking of login pages that harvest passwords to attacks that abuse widely-used identity systems such as Microsoft Azure Active Directory or Google Identity, both of which utilize the OAuth authorization protocol for granting permissions to third-party applications using your Microsoft or Google identity.

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant.