IT Security

Introduction On July 10th, Apple released a “Rapid Security Response” to fix a code execution flaw in the WebKit browser component found in iOS, iPadOS, and macOS Ventura. Although this update was pulled back, the subsequent remediation was released in quick succession on July 12th. In fact, Apple has long held a reputation as a leader in user privacy and security. Their commitment to protecting user data and maintaining robust defense mechanisms against cyber threats has made the tech giant synonymous with trust and reliability in an era of rapid digitization. After the release of their new VR wearable “Vision Pro”, Apple has also promised they won’t share eye focus movement due to security risks, marking another instance where Apple seems dedicated to their users’ security. Admittedly, Apple’s products often carry a premium price tag, reflecting the advanced security and privacy features they offer. Yet, in the increasingly hostile…

Read more

Lessons From LastPass Breach

Password management firm LastPass admitted to being PWNED by hackers. If you are a customer, your data was potentially breached, and so us “Paranoid Androids” will be spending a significant amount of the holidays changing passwords and double checking our MFA settings. The bad guys apparently got away with a massive stash of customer data, including password vault data that could be compromised by brute-forcing or guessing master passwords. So much for the “Zero Knowledge” strategy, or is this it working as designed? Is this as bad as it could get in terms of password manager security? I guess the only thing that could compromise your passwords quicker would be an attacker literally looking over your shoulder (known as shoulder surfing) while you type your username and password in. But, well now, let’s look on the bright side: as long as you have diligently respected the power of keyspace and dutifully used…

Read more

What is an XSRF attack? XSRF, also known as Cross-Site Request Forgery, is a type of attack that involves tricking a user into making a malicious transaction with a website without their knowledge. This can occur when a user is logged into a website and visits a malicious website or clicks on a malicious link. The attacker can then use the user’s active logged-in status on the other website to make requests on the user’s behalf, potentially allowing the attacker to perform unauthorized actions or access sensitive information. XSRF attacks can be prevented by implementing proper authentication and authorization measures on the website, such as using unique tokens for each user session. What is a session hijacking attack? Session hijacking is a type of cyberattack where an attacker takes over a user’s active session on a website or application and gains unauthorized access to the user’s account. This can be…

Read more

What Is A Virtual Private Network (VPN)?

What is a VPN? A VPN, or Virtual Private Network, is a type of technology that allows a user to securely access a private network and share data remotely through public networks. VPNs use encryption and other security measures to protect the data being transmitted over the network and prevent unauthorized access to the private network. This allows individuals to securely access their organization’s network and access sensitive information. Also, VPNs are used by internet users to browse the internet anonymously. This is possible because commercial VPNs allow a user to change their source IP address, which confounds websites’ ability to track them. Additionally, companies can use VPNs to securely connect their internal networks with the networks of their partners or clients, allowing them to securely share data and other resources. This can improve collaboration and communication within and between organizations. What are the different types of VPNs? There…

Read more

Why is user awareness training important for IT security? Phishing operations represent 41% of cyber breach incidents according to the IBM X-Force report. Deloitte estimates phishing to be the initial attack vector in 91% of cyber breaches. These estimates put phishing at the forefront of the corporate attack surface because they identify phishing as the most successful method used by attackers to compromise a system and gain initial access to a victim’s network. In response, organizations need to increase their resilience against phishing and other types of social engineering attacks. By testing their staff’s ability to effectively identify phishing attempts and malspam and providing educational material, an organization can identify potential weaknesses and reduce the chance that an employee will fall prey to an attack. Of course, secondary cybersecurity measures should be in place to detect and respond to a successful phishing attack; even so, user awareness training is a good practice…

Read more

@0x0SojalSec tweeted out a pure genius one-liner for automated SQL Injection pentesting, and while it was mind-blowing, it is also useful to dissect it into its various elements. Along the way we can learn some great tools for command line penetration testing! Check out the original tweet or the image below: This is a great example of how automated toolkits can do a lot of work that doesn’t cost a lot of time. So, let’s dissect the command and learn 5 great command line tools from @0x0SojalSec’s sorcery that will certainly prove useful on a pen-testing engagement. #1 – subfinder Subfinder is a command line tool from ProjectDiscovery.io that accepts a top-level domain and will return a set of subdomains from historical DNS records. Whenever relying on historical DNS records, the output is only as good as the service’s repository of historical data, but ProjectDiscovery’s service is top notch. …

Read more

Nessus is an enterprise vulnerability scanner that can perform external and internal credentialed scans and can support a continuous vulnerability management program. Nessus favors ease of use over granular control of scanning, which allows quick and efficient scan configuration. Nessus comes with many pre-configured scans for PCI-DSS compliance, OVAL, and SCAP scanning, and many scans for novel threats such as Solarigate, CISA threat advisories, Log4Shell, ransomware attacks, and more. Watch the video below to get the full scoop on how Nessus can support enterprise vulnerability management.

Read more

What is Snyk and how does it contribute to DevSecOps?

What is Snyk? It’s classified as an SCA (software composition analysis) security tool, meaning it scans your source code for use of known vulnerabilities in functions, libraries, and packages, and can also scan entire Docker images, cloud servers, and IaC (Infrastructure as Code) deployments for vulnerabilities. Watch the video below for a summary and demo of how Snyk can contribute to your DevSecOps program.

Read more

From the defender’s perspective, ransomware is the biggest threat in the modern cybersecurity landscape. From a criminal perspective, it’s a highly lucrative form of cybercrime, and perpetrators face only negligible chances of being prosecuted, with less than 20 arrests reported in 2020 [1]. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars [2][3]; however, the cost of a ransomware attack is not limited to ransom payments. Companies can incur millions more in remediation costs, service downtime, legal settlements, and higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation [4]. One report estimates that 74% of ransomware payments go to Russian-backed groups; more than $400 million USD in 2021 [5]. Another report from blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransom was paid in 2020 [6][7]. Not all ransomware strains…

Read more

OpenSSF is a new initiative aimed at improving the security of open source software (OSS). Founded by a group of major tech companies, including Google, Microsoft, and Red Hat, OpenSSF is intended to provide a collaborative framework for organizations to work together on security best practices, guidelines, and tools for OSS. The goal of OpenSSF is to make it easier for organizations to adopt OSS without sacrificing security. What is Software Supply Chain Risk? Software supply chain risks refer to the potential vulnerabilities and security threats that can arise in the process of creating, distributing, and maintaining software. These risks can come from a variety of sources, including the use of insecure or unverified third-party components, inadequate testing and verification processes, and the lack of secure communication and collaboration among teams. One of the biggest risks associated with the software supply chain is the potential for malicious code to be…

Read more