Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

5 Essential Steps to Improve Cybersecurity Maturity

From small- and medium-sized organizations to large enterprises, every business is under continuous threat of security risk in today’s digital world. With the growing digital footprint and cloud adoption, organizations continue to experience sophisticated cyberthreats that hold the potential to disrupt business continuity. A vast majority of these threats can go undetected, or they can be detected too late for an organization to avoid the exposure and the associated risks.

What Is Password Spraying, and How Can You Spot and Block Attacks?

In 2019, a data heist at Citrix shook the cybersecurity world. The attackers stole business documents from a shared network drive and from a drive associated with a web-based tool used in Citrix’s consulting practice. The hackers gained this access to Citrix’s IT infrastructure through a password spraying attack, a technique that exploits weak passwords, leading to criticism that the software giant needlessly compromised its clients by failing to establish a sound password strategy.

CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

Three WPA authentication bypass vulnerabilities were found in wireless routers using the Defensics fuzz testing tool. WPA3 will become a mandate for all new wireless devices, which can only be a good thing considering the number of vulnerabilities found in WPA2 implementations. Learn about the basic concepts (and common weaknesses) of WPA authentication, how these vulnerabilities work, and how proactive fuzz testing can identify and address similar issues in WPA implementations.

Phishing Emails - Less Ocean, More Aquarium

Here at Splunk, when we discuss Splunk Phantom with customers we end up talking about phishing pretty frequently because it’s something like Olivia outlined in a recent blog post, "Between Two Alerts: Phishing Emails — Don’t Get Reeled In!", customers both encounter and talk to us about all the time. It makes a lot of sense — phishing is a super common issue that almost everyone deals with ad nauseum and it’s annoying to investigate.

Biometrics: Improving Security for Working from Home

Biometrics has been around for a long time but has only had limited adoption until recently. I was involved in some of the early commercial biometric devices way back in 2000; the company I was working for at the time investigated the possibility of using them, but back then the false positive rates on the devices we investigated were way too high – either people could not authenticate or it was authenticating the wrong people.

Making the Most of a Hardening Market for Cyber Insurance - Kovrr

Join us for a webinar that discusses alternative data points insurers can use to make more data-driven decisions for their renewal strategy focused on policy profitability. Included in the pannel discussion is Laura Johnson, Cyber Practice Head, Chauser, Visesh Gosrani, Chair of the IFoA Cyber Risk Working Party, Amir Kessler, Cyber Risk Expert & Product Manager, Koverr and Marty Ellingsworth, Senior Analyst, Celent.

Fixing Credit Card Hack in OpenCart Store - Step-By-Step Process From Locating to Malware Removal

With the increasing popularity of e-commerce platforms like OpenCart, the cases of malware infections have also risen. Hackers and cybercriminals have been modifying the core files of these CMSs to steal the credit card information of store customers.

Duped, deluded, deceived: How disinformation defrauds you

The rise of social media has no doubt been one of the major revolutions of the 21st century. It’s brought about a whole new way for people to connect and share information with others, regardless of their geographical locations. But along with these more noble intentions of social media, there will always be abuse of these platforms – and one of the big ones is the spread of disinformation.

njRAT Rising - The Increase in Activity of the Remote Access Trojan

First identified as active in November 2012, 'njRAT', also known as 'Bladabindi' or 'Njw0rm', is a well established and prevalent remote access trojan (RAT) threat that was initially created by a cybercriminal threat group known as 'Sparclyheason' and used to target victims located in the Middle East. Undoubtedly following the source code leak, reportedly in May 2013, njRAT has become widely available on the cybercriminal underground with numerous variants being released over the years.