Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected router models without needing any login credentials.

With over 100 million users and partnerships with Microsoft, Reddit, Stack Overflow, and more, ChatGPT has become the herald of an AI revolution since its launch in late 2022. The rise of this AI-powered natural language processing tool comes down to two distinct features: its conversational nature, which allows anyone to ask questions and receive detailed and helpful responses, and its access to a global knowledge base.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is an important legislation that outlines how critical infrastructure sectors should deal with cybersecurity threats. CIRCIA strengthens cyber defenses by establishing comprehensive reporting requirements for cyber incidents and ransomware payments.

Cybersecurity is a critical concern for organizations of all sizes. Implementing robust security measures is a best practice and essential to protect against increasingly sophisticated cyber threats. However, the challenge is often more significant for small and medium enterprises (SMEs) due to limited resources, lack of security expertise, and other common obstacles.

FedRAMP, the federal risk and authorization management program, is a comprehensive and structured way to develop a security – mostly cybersecurity – position when working with the federal government. It’s a framework meant for contractors and third-party businesses that handle information for the government and who need to keep it secure. The question is, if you’re a cloud service provider, what are the benefits of implementing FedRAMP?

ISO 27001, the internationally recognised standard for information security management systems (ISMS), provides a framework for organisations to protect their valuable information assets. Penetration testing is crucial in preventing data breaches and maintaining the business’s reputation. ISO 27001 strongly recommends it as a critical tool for assessing an organisation’s security posture and ensuring compliance with control A.12.6.1, which focuses on managing technical vulnerabilities.

The Payment Card Industry Data Security Standard (PCI DSS) is a global cornerstone for safeguarding cardholder data. PCI DSS version 4.0, the most recent iteration, emphasises a dynamic, risk-based approach to security, compelling organisations to tailor their controls to their unique environments. PCI DSS penetration tests are crucial for meeting and maintaining security standards.

This is a Bulletproof Tech Talk article: research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. In the complex landscape of Active Directory, ensuring secure and appropriate access is a constant challenge. Recently another "ESC" technique has been released which is known as ESC13.

Knowing what you don’t know is the key to keeping an organization safe and the best method of doing so is with an offensive security approach that includes vulnerability scanning. By being proactive one can identify exploitable weaknesses in your own systems before malicious actors can. Here's why vulnerability scanning is an essential part of any offensive security solution: Vulnerability scanning is just one piece of the offensive security puzzle, but it's a crucial one.

If you save your passwords in a browser password manager, your passwords may be at risk of becoming compromised. This is because browsers frequently remain logged in, meaning if someone gained access to your device they’d have access to all your stored passwords. Additionally, if your browser were to become compromised, everything stored in your browser would also be at risk of becoming compromised due to weak encryption standards.