Web application security is crucial for any organization that relies on web-based applications. Learn about the importance of web application security and best practices for keeping your organization safe. The importance of web application security cannot be overstated. As organizations move towards web-based applications and services to run their business and connect with customers, it is becoming more vital than ever to secure those systems from malicious attacks.

The Hive Gang is a Ransomware as a Service (RaaS) providers first identified in June 2021. Although relatively new, their aggressive tactics and ever evolving malware variants have made them one of the most successful RaaS groups of its kind. Find out how the group has risen through the ranks with their advanced ransomware kit, API based portal and negotiation services.

This month we’re introducing you to GhostSec, a hacktivist group with ties to the Anonymous collective

In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls In the last phishing blog we discussed how modern phishing works on the frontend. Here we go behind the scenes to dissect how to configure and authenticate a good domain for your phishing campaign using Apache as Reverse Proxy. Excited? You caught the hook, read on!

Social engineering is the art of manipulating people so that they give up confidential information or perform an action you ask them to do. Social engineers are usually trying to trick victims into giving them their credentials, bank information or access to computers to secretly install malicious software. Find out how phishing actually works and what you can do to reduce the risk.

Social engineering is the art of manipulating people, so that they give up confidential information or perform an action you ask them to do. Read and learn first hand how modern phishing works to trick victims into giving up their credentials, bank information or computer access to secretly install malicious software. Adversaries use social engineering tactics because it is often easier and quicker to exploit human nature than to hack their way in.

During the recent Rootedcon conference in Spain, we delivered a talk about ransomware, and this blog post serves as a commentary of the insights presented about Ransomware as a Service (RaaS): how it really works; how the threat actors operate these attacks; and how organizations can analyze the attacks and take preemptive measures in the event of future attacks.

Ransomware is the biggest cyber threat to businesses. First burst onto the scene in 1989, it has evolved significantly over the past few years from widespread attacks to highly targeted ransomware-as-a-service (RaaS) operations affecting organizations of all sizes and sectors. This article takes a look at the evolution of the ransomware ecosystem – what it looks like today, and how it has changed over time.

Jester stealer is an information stealer that has been around since mid-July 2021. Originally sold by the Russian speaking threat group "Jester_Stealer", in several underground forums and Telegram channels, they operate under a Malware-as-a-Service (MaaS) model and present themselves as a group of programmers. Here we delved into the Jester stealer functionalities with a code-level analysis and highlight the possible link between Jester stealer and the new breed of Eternity stealer.