Audits from Trail of Bits give organizations ways to fix their current issues and provide them with a roadmap to prevent the same security problems from occurring in the future. However, product teams don’t always implement the recommendations. This may be due to a lack of resources, a lack of institutional motivation, or several other internal reasons. Even

There’s an important shift happening in the cloud security industry: organizations are looking for an integrated platform that connects the dots between several key security use cases from source through production. Whether it is for tool consolidation, consistent end-to-end experience, or “one throat to choke,” customers are increasingly choosing a platform

Cyber Essentials is a practical, government-backed scheme that will assist you in protecting your UK-based organization, no matter how large or small, against a wide range of common cyber attacks.It assists the UK’s most critical organizations, the wider public sector, industry, SMEs, and the general public. When incidents occur, they provide an effect

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and the “Everything is Internet” age is here, and we churn out data with every heartbeat –

MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base of adversarial tactics and techniques that can be used during cyber attacks. It is used to understand the methods and tools th

Custom metrics are application-level or business-related tailored metrics, as opposed to the ones that come directly out-of-the-box from monitoring systems like Prometheus (e.g: kube-state-metrics or node exporter) By kickstarting a monitoring project with Prometheus, you might realize that you get an initial set of out-of-the-box metrics with just Node E

Telus is now investigating the possibility of a data breach affecting its corporate data. The Canadian telecom company started looking for an incident after hackers posted samples of Telus’ information, as they pretend.The sample contains employee data, source code, and payroll records. But, until now, the organization did not found proof of an attack.What D

During the recent Rackspace ransomware attack, the company confirmed hackers accessed customer data. Rackspace staff and cybersecurity researchers have been investigating the incident since it occurred, and new information has emerged.The attack, which Rackspace first confirmed on December 6, 2022,  impacted the company’s hosted Exchange Email service,

By Vasco Franco In part one of this two-part series, we escaped Webviews in real-world misconfigured VSCode extensions. But can we still escape extensions if they are well-configured? In this post, we’ll demonstrate how I bypassed a Webview’s localResourceRoots by exploiting small URL parsing differences between the browser—i.e., the Electron-created Chromiu

Europol put an end to the operations of a Franco-Israeli CEO fraud group. The threat actors used business email compromise (BEC) attacks to steal money. This led to €38,000,000 stolen in just a few days from one organization.Details About the Europol InvestigationIt took the collaboration between Europol, French, Croatian, Hungarian, Portuguese, and Spanish

In August 2022, the threat intelligence and cybersecurity company Cyble found 8,000 virtual network computing (VNC) instances exposed online. Additionally, this research revealed that most of these ports are in the United States, China and Sweden — putting many critical infrastructure companies at risk of attack. In an age where cybersecurity threats

Reverse Tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. Here, the redirection happens through links  from the parent site to attacker’s site. In tabnabbing attackers take advantage and control of victims unattended browser tabs by hijacking and redirect

Whether your company is subject to stringent cybersecurity regulatory requirements or you want to strengthen your overall security, encryption as a service is an effective way to protect sensitive data at rest and in transit.The thing is, many businesses need help properly encrypting all the data on their machines, servers, and the cloud. And this is exactly

The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers.All the information stored in the attacked server related to purchases made between November 2018 and October 2020.Details About the Data BreachJD Sports warned customers abo

We are sure that you already heard of spyware, but are you curious to dive deeper into the consequences and types of this malware infection?This sneaky malicious software may be collecting your data as we speak, with only a few signs to give it away. Fortunately, there are ways to protect yourself, your data, your devices, and also software that can keep spy