Understanding Common Code Programming Issues Leading to Security Breaches
A great deal of focus when thinking about and or discussing security breaches is generally directed to issues with networks and or social engineering. In reality, many of these breaches stem from common issues in code writing. This blog explores different types of breaches, the potential damage each can inflict, and preventive measures that can… Continue reading Understanding Common Code Programming Issues Leading to Security Breaches
Embracing Zero Trust Security: A Strategic Imperative for Modern Businesses
Cyber threats are continuing to evolve, grow in sophistication and be more pervasive, causing traditional security measures to be no longer sufficient. This inadequacy has paved the way for the adoption of Zero Trust security strategies, a paradigm shift in how security is approached and implemented within organisations. Organisational adoption of Zero Trust security frameworks… Continue reading Embracing Zero Trust Security: A Strategic Imperative for Modern Businesses
The Rise of Info Stealer Malware: A Growing Threat to Businesses
Stealer malware, or information-stealing malware, is a type of malicious software designed to gather sensitive information typically targeting personal, financial, or business-related data. The data collected could include passwords, financial information, corporate data, and personal identification details. Once installed, this malware operates discreetly, often without triggering any noticeable alarms, making it particularly dangerous. The functionality… Continue reading The Rise of Info Stealer Malware: A Growing Threat to Businesses
Will AI Kill the Pen Testing Star
Those who use the different AI support technology available, are seeing a trend, that the results, generally speaking, produced by the tools are getting better every month. There is still the old computing issue of garbage in, garbage out, but as we learn to better seed the bots and the bots learn what data we… Continue reading Will AI Kill the Pen Testing Star
How AI is Impacting Cybersecurity and Penetration Testing
In the era of rapid technological advancement, the proliferation of AI platforms is revolutionising the way we interact with digital information, enhancing productivity, and streamlining decision-making processes. However, this same technology, designed to simplify and enrich our lives, is being weaponized by hackers and bad actors. These individuals exploit the capabilities of AI to orchestrate… Continue reading How AI is Impacting Cybersecurity and Penetration Testing
The Impact of Cybersecurity Breaches on Australian Businesses in 2023
In the digital era, cybersecurity breaches are a critical concern globally, and Australia is no exception. With the increasing dependency on digital platforms, Australian businesses face significant challenges in safeguarding data. The Office of the Australian Information Commissioner (OAIC) plays a pivotal role in monitoring these breaches, providing valuable insights into the cybersecurity landscape in… Continue reading The Impact of Cybersecurity Breaches on Australian Businesses in 2023
Is Your Business Balancing API Productivity Gains with Risk Mitigation?
APIs are a critical component of any digital business, sharing information between various software solutions and streamlining and improving business productivity through system integration. They allow modularity in development projects, increase the scalability of the business and in theory should enhance your software security. API security breaches have become increasingly common in recent years, with… Continue reading Is Your Business Balancing API Productivity Gains with Risk Mitigation?
Black Box Penetration Testing
Penetration testing – or pen-testing as we colloquially call it – is a crucial component to a robust security programme in any organisation. As management, it’s critical you understand where pen-testing fits into your programme and what it can do for your organisation. Equally important is what it can’t do, and how the different “flavours”… Continue reading Black Box Penetration Testing
When it all goes wrong on AWS – how an SSRF can lead to full control of your EC2 infrastructure
AWS is an incredibly powerful cloud platform that enables businesses to quickly and efficiently deploy a wide range of software and services to end users. This feature-rich environment does of course increase the attack surface that bad actors have to exploit, especially when combined with lax configurations and poorly designed APIs. In this blog post,… Continue reading When it all goes wrong on AWS – how an SSRF can lead to full control of your EC2 infrastructure
Using Zeek to detect exploitation of Citrix CVE-2019-19781
Using the tool Zeek, formally known as bro, is a high-level packet analysis program. It originally began development in the 1990s and has a long history. It does not directly intercept or modify traffic, rather it passively observes it and creates high-level network logs. It can be used in conjunction with a SIEM to allow… Continue reading Using Zeek to detect exploitation of Citrix CVE-2019-19781