Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Lerhan: Bypassing IDOR protection with URL shorteners

Xavier Blasco (a.k.a Lerhan) is a 23-year old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and found a way in through bug bounty programs. As an ethical hacker, he is naturally curious in security testing vendors which he is buying from and this time it led to bypassing IDOR protection using URL shorteners. In the following guest blog, he describes this security flaw that led him to access new client contracts on Jazztel’s platform.

SOX - Not Just for Foxes and Baseball; A Sarbanes-Oxley IT Compliance Primer

There are Red Sox, White Sox, and Fox in Socks. At the turn of the century, a new SOX entered our lexicon: The Sarbanes-Oxley Act of 2002. This financial regulation was a response to large corporate misdeeds at the time, most notably Enron misleading its board through poor accounting practices and insufficient financial oversight. The regulation seeks to ensure accurate and reliable financial reporting for public companies in the United States.

What is Vulnerability Scanning?

Vulnerability management is one of the core responsibilities of a security team. It covers assessing, reporting and if needed, mitigating on an organization’s security vulnerabilities. Yet vulnerabilities can be tackled with if and if only they are known to the IT security team. In order to find out vulnerabilities of a system or software, vulnerability scanning is conducted. It is a security technique whose purpose is identifying security weaknesses in a system.

The Rise of Ransomware as a Service (RaaS)

2019 Has been an interesting year for Ransomware thus far. After plaguing countless victims with dreaded ransom notes and bringing some pretty large corporations to their knees, the attack method built a strong reputation for inflicting cyber terror on consumers and businesses. As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with the potential for more lucrative payouts.

Be the leader in the new password-volution: memorized secrets

Remember when you were younger, and you wanted to do something that all your friends were doing, yet you knew your parents would never approve? Perhaps it was skating in that home-made “Half-Pipe”, or that time you wanted to try some equally dangerous stunt? Of course, your parents disapproved, to which you probably responded with the time-honored refrain: “But everyone is doing it!” That was never a convincing argument.

End Users as the Strongest Link

“It’s okay that you don’t understand.” This comment came after I was frustrated with myself for not being born a genius at math. Usually, when you don’t know a subject or you don’t understand it enough, subject matter experts (i.e. your teachers/professors/mentors/etc) put you down for it. But this time was different because I had a real subject matter expert who cared about the end goal: students educated in math.

Countdown to CCPA: Steps to Start Getting Your Content in Compliance

The California Consumer Protection Act (CCPA), set to go into effect in January 2020, will have a big impact on companies that do business in California or collect the personal information of California citizens. Driven by growing public demand for privacy, CCPA is the latest in a line of regulations that gives individuals greater control over how their personal data can be collected, stored, purchased, or shared by private companies. Wondering what CCPA means for your business?

What is Cybersecurity Analytics?

Security analytics is not a particular tool, rather it is an approach to cybersecurity. Thorough analysis of data in order to implement proactive security measures is the essence of security analytics. It includes gathering data from every possible source to identify patterns. Nobody can predict the future but with cybersecurity analytics, you can make pretty accurate, informed guesses about it.

Four Misconceptions About Ransomware Addressed

Ransomware has been a hot topic within the cyber security industry for quite some time now. It’s an often-lucrative cyber-attack method with an attractive return on investment. The motivation behind Ransomware attacks tends to be primarily financial, as cyber criminals can’t resist such easy opportunities to achieve their malicious goals. Ransomware is effective given that almost every individual or organization owns or has access to digital assets which are valuable to them.