Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

What Type of Vulnerabilities Does a Penetration Test Look For?

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of penetration testers revealed that 88 percent of those questioned said they could infiltrate organizations and steal data within 12 hours.

How to Create Incident Response Plan Steps for Data Breaches

An estimated 34 percent of companies have experienced data breaches in the last 12 months. With those odds, every organization should be prioritizing cyber security and cyber attack management. Take the time now to put together a data breach incident response plan utilizing these steps, so if your organization is affected, you’ll be able to respond as quickly and effectively as possible. Here are some key steps the plan you create should include.

Abuse MITM possible regardless of HTTPS

Almost ten years ago Firesheep made the news. Security people had known for years the danger of public WiFi-networks, but it was not until someone made a user-friendly Firefox extension out of the idea until it really got people’s attention. Since then a lot has happened to the web, so would something like that still be possible?

Detectify security updates for 29 November

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

November turns bad for Microsoft & Instagram!

Data breach is a major player when it comes to causing financial as well as reputational losses to a business. With the implementation of laws such as GDPR and a plethora of privacy debates going across the globe, unethical data collection or poor coding practices are the new players in the town. In the last two weeks, Microsoft and Instagram have been in the news – one for collecting MS Office user data while other for displaying passwords in the plain text.

S3 Security Is Flawed By Design

Amazon S3, one of the leading cloud storage solutions, is used by companies all over the world to power their IT operations. Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration of S3 security settings. Jeff Barr, Chief Evangelist for Amazon Web Services recently announced public access settings for S3 buckets, a new feature designed to help AWS customers stop the epidemic of data breaches caused by incorrect S3 security settings.

Cybercrime: There Is No End in Sight

Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cybercrime was a country, it would have the 13th highest GDP in the world…

Tripwire Products: Quick Reference Guide

Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit. But today, we’d like to offer a straight-forward roundup of the Tripwire product suite. Get to know the basics of Tripwire’s core solutions for FIM, SCM, VM and more. Without further ado…