Penetration testing is a cornerstone of any mature security program and is a mature and well understood practice supported by robust methodologies, tools, and frameworks. The tactical goals of these engagements typically revolve around identification and exploitation of vulnerabilities in technology, processes, and people to gain initial, elevated, and administrative access to the target environment.

The financial industry experienced the second-highest data breach cost in 2023, according to IBM. This includes breaches that affected credit unions as well as other financial institutions. But, despite costs, what else is at stake if a credit union is breached? If a credit union is breached, customer Personally Identifiable Information (PII) is at risk of being exposed and used for malicious purposes such as identity theft and fraud.

When it comes to the Olympic Games, the first thought on people’s minds is not usually about managing their cybersecurity. While the Olympics are home to the best of the best athletes, it is also home to trained cybercriminals who seek to profit off the large scale event for their own gain. With the Paris Olympics this summer congregating in over 16 cities in France, there is an abundance of opportunities for cybercrimes such as phishing scams and fake ticket sales to occur.

A website directory, also known as a virtual directory functions similarly to a folder on a local machine, however, it exists on the web server’s file system and provides a structured and secure way to organize website content on an IIS server. Website directories act as logical containers for all the files that make up your website, including HTML pages, images, scripts, music, configuration files, and application binaries. Permissions assigned to directories control access to their contents.

Trustwave has launched six new Microsoft-focused offerings that will bring clients greater security, resilience, and a higher return on their investment by helping optimize their Microsoft 365 enterprise plan to take full advantage of all of its security features.

On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake, in its SEC filing. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. Following this filing and in the following days, analysts discovered multiple clients of Snowflake have had data posted on the Dark Web for sale.

Today’s cyber threats continue to evolve at pace as adversaries compress the time between initial entry, lateral movement, and breach. At the same time, the rise of generative AI has the potential to lower the barrier of entry for low-skilled adversaries, making it easier to launch attacks that are more sophisticated and state of the art.

The Red Team Chronicles is a hacker comic that this month is looking at the endeavors of Jason Haddix and how he and his team got access to a bank via a shred bin using some thrifty techniques.

Choosing the right software to defend your organization, both in real-time and in retrospect, is one of the most important decisions an organization can make. Security teams need to be able to view activity and affect access quickly, and that becomes more difficult at bigger, complex enterprises. A classical approach to this problem is role-based access control (RBAC), but for many organizations, multitenancy is a better fit.