First off, before we get into the technical details of attacking applications, a few housekeeping bits must be understood. This blog is aimed at technical individuals that already understand at a basic level Android development and architecture, aiming to give security testers and application developers an insight into the ways an attacker may interrogate code to achieve some form of compromise.

As CVE-2021-44228, a.k.a "Log4Shell" or Apache Log4j Remote Code Execution vulnerability continues to send shockwaves across the world of software, many security vendors and practitioners are rushing to provide recommendations on dealing with the crisis. If you need immediate help mitigating the impact of Log4shell, we're here for that. But the goal of this post is to look forward. This isn't the first and won't be the last high-impact vulnerability to be uncovered. So it's worth preparing your organization for the next one, so that you can respond faster, mitigate and remediate sooner - and have fewer weekends like the last one.

It was early 2003 in central Iraq, a couple of hours before dawn, 30 degree heat, and everything had a green tint through the night vision goggles. I was on an operation with a team from the US Psychological Operations forces (psyops) and an ODA (Operational Detachment Alpha) from the US Special Forces. We'd spent days gathering HUMINT (Human Intelligence) and undertaking reconnaissance on the target. The ODA team was set up for the assault, the psyops were ready to run diversionary tactics and I was on the team providing comms and perimeter security. Authorisation was given from above, the operation began, and the sky lit up with tracer rounds.

If the opinion of every UK business leader was surveyed back in February 2020, it's very likely cybersecurity wasn't at the top of their priority list. Fast forward to December 2021, and the reality is very different. Steep rises in data breaches, ransomware attacks and phishing scams in recent months, means many organisations are frantically trying to bolster their security operations, in a bid to keep pace with the evolving and progressively more complex cyber threat landscape they are now facing heading into 2022.

Cyberattacks are not a recent phenomenon, but their risk is growing. 2021 has proven that these hacks are occurring more frequently and that even the most sophisticated organisations can be threatened. The reality is that these cyberattacks will continue to be an enormous threat in 2022. Below, we have collated predictions from top cybersecurity executives on how to navigate these new challenges and ensure that your business stays safe in 2022.

Security, by its very nature, is one of the most innovative fields on the planet. Every technological advancement carries with it a handful or more of new attack vectors, which in turn lead to a dizzying amount of security innovation as our industry works to mitigate risk and defend against threats. But for all this innovation, there are a few ways in which security lags far behind.