"White Hat" Hackers Will No Longer Face Prosecution, DoJ Says
Read also: GM hit by a cyberattack, the Conti ransomware gang shuts down operation, and more cybersecurity news of the week.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Hacking
Webinar: "I get paid to hack your company and these are the controls I hate most!"
Drawing on over three decades’ experience in penetration testing for global organisations of all sizes, this webinar outlines some of the most common attack methods in use today and shares effective approaches for tackling them. The session on will detail the most effective security controls to prevent and mitigate common types of cyber-attacks.
A Problem Like API Security: How Attackers Hack Authentication
There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist performing a glissando, knowing that at least one of the dozens of apartments being buzzed will let them in simply out of reflex or laziness.
Hack a vulnerable OWASP Node.js app
Node.js is popular and makes a great platform for developing web applications. The OWASP NodeGoat project provides an environment to experiment and learn how some of the OWASP Top 10 security risks apply to web applications developed using Node.js, and also how to fix the mitigate these concerns.
Is the perimeter dead?
This question still triggers some interesting discussions among security professionals. Does the perimeter still exist, or has it become impossible to outline due to the immense asset list and expansion of an organization’s attack surface? Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.
What are organizations doing wrong when it comes to security?
What are organizations doing wrong when it comes to security? While today’s code-quality security is good, the sharing between each domain or principle is lacking, such as using infrastructure as code. Some people have become lazy, using other people’s templates and sometimes without knowing the security details. There is no technical depth (the rule now is; if it works, it works). Security metrics are valued by the exploitation that happens. We learn by being hacked, and that is not how it should work.
Understanding pentesting vs an automated hacker-powered tool
Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.
Your social media account hasn't been hacked, it's been cloned!
A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past few years and I’ve seen IT and cybersecurity professionals respond without correcting, even, on occasion, offering bad advice.
Can SIM Cards Get Hacked?
Yes, even basic technology like SIM cards poses the risk of getting hacked. Today, cell phones have almost become tiny supercomputers, so users must learn how to secure their mobile phones. From social engineering scams to SIM hijacking, sensitive data can easily become compromised without adequate cybersecurity awareness. Learn more about why SIM card hacking is on the rise and how you can prevent it from happening.
Measures that actually Do reduce your hacking risks
Robert Bigman, former CISO of the CIA offers tried and proven hacking risk measures that are "must haves" in any organization's cybersecurity toolkit.