3 Ways to Secure Yourself From Common Web Attacks March 31st, 2020 No Comments anti-phishing, Data Privacy, Data Protection, Online Privacy, Online Safety, PC security, Uncategorized With the increase in largely-publicized security breaches to corpo

Top 10 Brand Phishing Companies March 23rd, 2020 No Comments anti-phishing, Data Protection, Online Safety, Uncategorized By 2020, you’ve probably already experienced getting an email from a well-known company, such as Apple or Facebook, letting you

byLisa VaasWelcome to Hong Kong, traveler, and to the mandatory, Disney MagicBand-esque tracking wristband we’re about to slap onto your potentially infectious arm.The city-state had already been requiring arrivals from mainland China to self-isolate at home for 14 days. But as the area undergoes a COVID-19 resurgence, mostly brought in by travelers co

  Introduction A while back during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain, however only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool

Coronavirus: New Phishing Campaigns Exploit the Global Panic March 15th, 2020 No Comments anti-phishing, Data Privacy, Data Protection, Online Privacy, Online Safety, PC security, remote work, Uncategorized Unless you’ve been in complete lack of con

On March 10, 2020, during its monthly Patch Tuesday, Microsoft published the advisory ADV200005 for a critical Remote Code Execution (RCE) vulnerability on Server Message Block (SMB) 3.1.1. Microsoft released the advisory after Cisco Talos accidentally published details on the same day. Both Cisco Talos and Fortinet released advisories for the vulnerabilitie

the k8s-security-configwatch GitHub Action, an open source tool from Sysdig, secures your GitOps workloads by detecting changes on your Kubernetes security configuration. Imagine this scenario: The Secure DevOps team of the “Kubernetes Swag” store is going crazy investigating a security alarm; their Kubernetes containers keep being comprom

Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group.Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group. Introduction In November 2018, researchers from C

Monitoring kube-controller-manager is important, as it is a main component of Kubernetes control plane. Kube-controller-manager runs in master nodes and it takes care of the different controller processes. These controllers watch the status of the different services deployed through the API and take corrective actions in case real and desired status don’t

Experience Kubernetes OOM kills can be very frustrating. Why is my application struggling if I have plenty of CPU in the node? Managing Kubernetes pod resources can be a challenge. Many issues can arise, possibly due to an incorrect configuration of Kubernetes limits and requests. In this article, we will try to help you detect the most common i

Current Problem When working in an unknown network, some of the most important pieces of information to have are appraisals of current assets and information contained on them. This is important for any security professional, from tester to defender. Given the prevalence of Active Directory (AD) in most Windows environments, gaining a clear inventory of t

When TrustedSec first started, the vision was to build a team of amazing individuals that were passionate, dedicated, and focused on helping organizations fix the issues they face in cybersecurity. While we may have accomplished this, there’s always more to do. At TrustedSec, our mission to contribute to the industry and community has always remained strong.

Author: Ruud van Luijk Attacks need to have a form of communication with their victim machines, also known as Command and Control (C2) [1]. This can be in the form of a continuous connection or connect the victim machine directly. However, it’s convenient to have the victim machine connect to you. In other words: It has to communicate back. This blog describ

A staggering number of UC Browsers and mini Android apps of the same name may have been vulnerable to Man-in-the-middle or MiTM attacks. This happened when they downloaded an APK, Android Package Kit from an unauthorized or third-party server over insecure channels. Hackers can use MiTM to spy on the devices and change or intercept any communications. This

5 Major Cybersecurity Trends for 2020 January 8th, 2020 No Comments anti-phishing, Mobile Security, Online Safety, PC security, Ransomware, Uncategorized 2019 is gone and a new decade is in sight. 2020 is said to be a year that will bring on many ch