Breaking caches and bypassing Istio RBAC with HTTP response header injection

After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts.

Teleport 16

It’s that time again — for a brand new major release. Our team releases major versions of Teleport every 4 months. Here we introduce Teleport 16. This post goes into detail about Teleport 16 breaking changes, bug fixes and improvements. In Teleport 16, we focused on new features and enhancements that enable our customers to implement mitigations against an IdP compromise.

Why Artificial Intelligence (AI) Is Neither

Artificial Intelligence (AI) is the buzzword du jour of not just tech, but the entire online world. We see it in the daily headlines of everything from industry stalwarts such as Wired (There’s an AI Candidate Running for Parliament in the UK) through the stiff-collared set at the Wall Street Journal (What the Apple-OpenAI Deal Means for Four Tech Titans). Everyone who is anyone is talking about it, training it, or trying to gain leverage over it.

Vacation-Themed Scams Are Spiking

Scammers are now impersonating legitimate services like Booking.com and Kayak to target people planning their summer vacations. One out of every 33 vacation-themed domains registered last month was malicious, researchers at Check Point warn. “In May 2024, Check Point Research (CPR) detected a significant surge in summer-related cyber scams, highlighting the need for travelers to stay informed and proactive in safeguarding their personal information,” the researchers write.

Recall Windows Recall - Ep. 293 - The 443 Podcast

Don't miss Episode 293 of The 443 Podcast! Corey Nachreiner and Marc Laliberte dive into a new Microsoft Windows feature that is shaping up to be a security nightmare. Before that, they discuss a new research initiative from the Advanced Research Projects Agency for Health (ARPA-H) that could make big improvements in healthcare cybersecurity.

How to Automate IIS Hardening Script with PowerShell

IIS hardening can be a time-consuming and challenging process. PowerShell can help you achieve hardened IIS security settings to some extent, but it still requires hours of testing to ensure that nothing is broken. CSS by CalCom can automate the IIS hardening process with its unique ability to “Learn” your network, eliminating the need for lab testing while ensuring zero outages to your production environment.

The Indispensable World of Red Teaming

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield while blindfolded and riding a unicycle — one wrong move, and everything goes up in flames. So, how do you know your security controls are up to the task of defending your organization? This is where red teaming comes in.

4 Examples of How AI is Being Used to Improve Cybersecurity

Throughout history, technology has been a catalyst for solving many civilizational problems. The advent of artificial intelligence (AI) presents an incredible opportunity to combat cybersecurity risks and bolster the defenses of organizational IT networks. The good news is that it’s already making an impact by reducing the average dwell time of cyber attacks by as much as 15%. But AI holds much more promise.