The Zola credential stuffing attack: Who’s to blame?

(Originally published in SC Magazine) News came out last week that Zola had been the latest victim of a credential stuffing attack. The fancy name credential stuffing simply means that the attacker accesses a database of log-ins and passwords stolen from other sources and tries to use the same log-ins and passwords on other sites, such as Zola. …

Hacking smart devices – the silent threat

(Ghostwritten for Dale Schembri) Smart devices are becoming commonplace, and not just for personal use. IDC estimates that by 2025, there will be at least 41.6 billion smart devices connected to the Internet and that figure is getting closer every day – reaching more than 10 million in 2021 already. Multiple sources report that 83% …

The Current DDoS Threat Landscape – Will It Ever Get Better?

(Ghostwritten for Sean Cohen) Our DDoS partner NETSCOUT recently published the NETSCOUT Threat Intelligence Report Issue 7, covering the first half of 2021 and analyzing the DDoS landscape and related threats. Similarly, our connectivity partner, Telia Carrier, released the DDoS Threat Landscape Report 2021, which covers all of 2020. The general result of both these reports …

7 reasons why development teams skip security steps

The Fall 2021 Invicti AppSec Indicator has made us aware of an incredibly high percentage of development teams that have admitted to skipping security steps. There is a 70% chance that this happens in your business, leaving your web applications exposed to malicious hacker attacks. Here are potential reasons that you should explore as a business leader, along …

Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever

On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix’s original creators and primary security experts, Bogdan Calin, “it’s the biggest vulnerability we have ever seen, which …

The false sense of security in the cloud

Businesses like yours have different reasons to move to the cloud. Some do it primarily to save on hardware. Others go further and outsource services to reduce the need for their own resources. Those who want to outsource administration and related services often believe that this outsourcing also includes cybersecurity. But does it? The big …

Secure coding practices – the three key principles

All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of fixing them. You can find several detailed guides on how …

What is website security – how to protect your website from hacking

You protect every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it’s not secured? This article is aimed at website owners that are not experts in website security or web application security – …