Report: Nearly Half of Security Professionals Think They Could Execute a Successful Insider Attack...
As potential threats and entry points into organizations’ databases keep growing, so does the amount of money folks are throwing at detecting and actioning...
Loki Bot: On a hunt for corporate passwords
Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with...
Explainer Series: What is Clickjacking?
Here we go, another online trap ready to ensnare unsuspecting – well, until now anyway – users. As if Phishing, Cryptojacking, credential stuffing and...
Time For Your Compliance Checkup – How Mercy Health Uses Tripwire to Pass Audits
Time For Your Compliance Checkup – How Mercy Health Uses Tripwire to Pass...
Static vs Dynamic Data Masking: Why Are We Still Comparing the Two?
Earlier this month a leading analyst released their annual report on the state of Data Masking as a component of the overall Data Security...
Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776
On August 22, Apache Struts released a security patch fixing a critical remote code execution vulnerability. This vulnerability has been assigned CVE-2018-11776 (S2-057) and...
Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware
Overview
Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been...
Behind the Numbers: Database Authentication and Authorization
Earlier this month, I posted a blog about how most companies I speak with have not implemented a modern database authentication and authorization approach....
Great Cybersecurity with Small Teams
Great Cybersecurity with Small Teams #outlook a{ padding:0; } body{ width:100% !important;...
Latest article
Hackers Use Six-Layer Persistence to Maintain Access on Compromised FreePBX Systems
A hacker group known as INJ3CTOR3 has been running an active campaign against FreePBX systems, deploying a newly discovered PHP webshell called JOMANGY that...
Metasploit Wrap Up 05/22/2026
Another week, another authentication bypassOur humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and...
FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365....
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has released a temporary mitigation for YellowKey, a Windows zero-day that can reportedly bypass BitLocker protections.
The post Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can...
