(Ghostwritten for Codina Sabau) The days when information security was far down the list of priorities are long over. In the age of cloud storage and SaaS providers, sensitive data is more accessible than ever but also more exposed and easier to lose if not properly protected. Recent world trends and events have also led … Continue reading How DLP can help you with ISO 27001 compliance
On July 11, 2022, the Cyber Safety Review Board (CSRB) published a report on Log4Shelstating that organizations should be prepared to address Log4j vulnerabilities for years to come. We’re taking a look at the reasons why Log4shell is not going to go away. Significant vulnerabilities bear a striking resemblance to viruses like COVID-19. Is COVID-19 … Continue reading Why the Log4Shell vulnerability will never become yesterday’s news
(Ghostwritten for Tim Deluca-Smith) Go back ten years, and there wasn’t a month that went by without reports of a USB memory stick containing customer PII being lost or stolen. Since that time, improved security awareness, and technology, have reduced such incidents. However, recent reports of a Japanese contractor who lost USB memory sticks containing the … Continue reading Yes, people are still losing data via USB memory sticks in 2022.
(Originally published in SC Magazine) News came out last week that Zola had been the latest victim of a credential stuffing attack. The fancy name credential stuffing simply means that the attacker accesses a database of log-ins and passwords stolen from other sources and tries to use the same log-ins and passwords on other sites, such as Zola. … Continue reading The Zola credential stuffing attack: Who’s to blame?
I am continuously working on the content for Invicti Learn – an encyclopaedia-like project that aims to cover as many topics as possible related to web application security. https://www.invicti.com/learn/
(Ghostwritten for Dale Schembri) Smart devices are becoming commonplace, and not just for personal use. IDC estimates that by 2025, there will be at least 41.6 billion smart devices connected to the Internet and that figure is getting closer every day – reaching more than 10 million in 2021 already. Multiple sources report that 83% … Continue reading Hacking smart devices – the silent threat
(Ghostwritten for Sean Cohen) Our DDoS partner NETSCOUT recently published the NETSCOUT Threat Intelligence Report Issue 7, covering the first half of 2021 and analyzing the DDoS landscape and related threats. Similarly, our connectivity partner, Telia Carrier, released the DDoS Threat Landscape Report 2021, which covers all of 2020. The general result of both these reports … Continue reading The Current DDoS Threat Landscape – Will It Ever Get Better?
The Fall 2021 Invicti AppSec Indicator has made us aware of an incredibly high percentage of development teams that have admitted to skipping security steps. There is a 70% chance that this happens in your business, leaving your web applications exposed to malicious hacker attacks. Here are potential reasons that you should explore as a business leader, along … Continue reading 7 reasons why development teams skip security steps
On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary security experts, Bogdan Calin, “it’s the biggest vulnerability we have ever seen, which … Continue reading Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever
Businesses like yours have different reasons to move to the cloud. Some do it primarily to save on hardware. Others go further and outsource services to reduce the need for their own resources. Those who want to outsource administration and related services often believe that this outsourcing also includes cybersecurity. But does it? The big … Continue reading The false sense of security in the cloud