Komodo Consulting

Tel Aviv, Israel
2011
  |  By Komodo Research
PDF Exports: Hidden SSRF Risk
In the realm of cybersecurity, understanding vulnerabilities is paramount to safeguarding sensitive data and maintaining the integrity of systems. One such vulnerability that often lurks in the shadows is SSRF, or Server Side Request Forgery. While SSRF vulnerabilities have been extensively discussed in various contexts, today, we're going to delve into a unique perspective – exploring SSRF vulnerabilities through the lens of HTML to PDF exports.
  |  By Komodo Research
As the cybersecurity landscape continues to evolve, the importance of rigorous and proactive security measures has never been more pronounced. The Network and Information Security (NIS2) Directive, an initiative by the European Union, is set to redefine cybersecurity standards for essential and important entities, emphasizing the need for robust risk management, incident response, and business continuity planning.
  |  By Komodo Research
Imagine a world where digital fortresses are impervious to cyber threats – a utopia for any cybersecurity professional. Yet, we live in a realm where one misstep in cloud configurations opens the gates to potential havoc. As someone who has journeyed through the labyrinth of cybersecurity for over two decades, I've witnessed firsthand how a simple misconfiguration can escalate from a minor hiccup to a full-blown security nightmare.
  |  By Komodo Research
In the realm of cybersecurity, there's a common analogy that likens the process to a health checkup. Vulnerability scanning, in this context, can be seen as a basic health screening. It's a preliminary step, offering a snapshot of potential issues within a system. It's like getting your blood pressure or cholesterol checked during a routine visit to the doctor. These tests are essential, providing a quick overview of potential health concerns. But they don't give the full picture.
  |  By Komodo Research
As our company Komodo Consulting is researching this exciting field of interest, we have prepared a short analysis of some of the exploitable attack vectors. In the era of smart vehicles, In-Vehicle Infotainment (IVI) systems have become central to enhancing the driving experience. However, with increased connectivity comes heightened cybersecurity risks.
  |  By Komodo Research
In today's digital age, where enterprise organizations manage a vast array of systems, penetration testing is not just a recommendation—it's a necessity. For an organization with hundreds of systems, ensuring the security of each one is paramount.
  |  By Komodo Research
In a world where cybersecurity threats are increasingly prevalent, the U.S. Securities and Exchange Commission (SEC) has taken a significant step towards ensuring transparency and accountability in how companies manage these risks. The SEC has adopted new rules requiring companies to disclose material cybersecurity incidents and provide annual updates on their cybersecurity risk management, strategy, and governance.
  |  By Komodo Research
As the digital landscape evolves, so too does the regulatory environment. One of the latest pieces of legislation to impact organizations across the EU is the Network and Information Security 2 (NIS 2) Directive. This directive, aimed at enhancing cybersecurity across the Union, has far-reaching implications for a wide range of organizations, both within and outside the EU.
  |  By Komodo Research
You're cruising down the highway in your sleek, state-of-the-art electric vehicle (EV). The hum of the electric motor is your soundtrack, the open road your cinema. Your dashboard, a symphony of lights and numbers, is a live feed of your vehicle's vitals – battery levels, tire pressure, energy consumption, and more. Suddenly, your phone buzzes. It's your EV's companion app, alerting you to an unexpected battery drain.
  |  By Komodo Research
Imagine, if you will, that you are the esteemed ruler of a vast digital dominion, and your applications are the lifeblood of your realm. Yet, in the boundless expanse of cyberspace, there lurk dragons of the most fearsome kind—cyber threats, data breaches, and hackers. You require a champion, a Managed Application Security Provider (MASP), to safeguard your kingdom. But how, pray tell, does one select the right one?
  |  By Komodo Consulting
A short clip to demonstrate how a vulnerability in Firefox detected by Komodo's research team can lead to a file-less adware.
  |  By Komodo Consulting
Step-by-step instructions by Komodo's expert on how to solve the first challenge.
  |  By Komodo Consulting
Don from ITProTV interviews Boaz Shunami, Komodo Consulting's CEO, at RSA 2017. Boaz explains how Komodo's team delivers unique value to its Fortune 500 customers with external Red-Team vs. Blue-Team exercises.
  |  By Komodo Consulting
CYSNIFF is a preemptive Cyber Threat Intelligence Platform designed to help organizations and governments deal with the rapid increase of cyber threats such as planned cyber attacks, DDoS attacks, persistent threats and data leakages. By providing real-time alerts generated automatically by our unique Artificial Intelligence engine, your organization receives prompt notifications regarding major cyber events of interest and can respond proactively.

Komodo Consulting enables companies to align their business and regulatory requirements and adapt to the ever-changing challenges of the information and cyber security fields.

Utilizing proprietary tools and techniques and an expert approach, we provide our customers with a full range of cyber security services ranging from Application Security, Incident Response, Threat Intelligence, Training, and Penetration Testing through to Cyber Security Strategy, Risk Assessments and more.

Our Services:

  • Black Box Penetration Testing: Full-spectrum, black and white box penetration testing of your systems, networks and applications to find vulnerabilities an attacker could exploit.
  • Red-Team Security Testing: Our red-team engagements test resilience to real-world cyber-attacks targeting Fortune 500 companies based on the TIBER-EU framework.
  • SOC2 Penetration Testing: Our Black Box Penetration Testing services uncover hidden vulnerabilities and help achieve SOC 2, PCI, HIPAA, and ISO 27001 compliance.
  • Cloud Security Assessment: We offer expert cloud security assessments for AWS, GCP, and Azure, ensuring businesses safeguard their digital assets.
  • Application Security: Our team of AppSec experts has you covered for all your needs – from security assessments and design reviews to application security training.
  • Third-Party Risk Management: We provide third-party risk management services for businesses, assessing security, supply chain continuity, and compliance to mitigate potential risks.

With thousands of successful Penetration Testing and Red-Team Security Testing engagements for more than 100 happy clients, you're in the right hands.