John the Ripper is a popular password cracking tool that can be used to perform brute-force attacks using different encryption technologies and helpful wordlists. It’s often what pen-testers and ethical hackers use to find the true passwords behind hashes. This…
Category: esecurityplanet
Open Source Security Index Lists Top Projects
Two venture investors have launched an index to track the most popular open source security projects. Chenxi Wang of Rain Capital and Andrew Smyth of Atlantic Bridge unveiled the Open Source Security Index last month. The website leverages GitHub application…
Hackers Use RMM Software to Breach Federal Agencies
Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from…
10 Best Identity and Access Management (IAM) Solutions
Identity and Access Management (IAM) once helped IT departments in large enterprises to manage employees in Active Directory. In a modern IT environment IAM plays a far more critical role in authorizing geographically dispersed workforces as they connect to internal…
Threat Groups Distributing Malware via Google Ads
Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute…
How to Prevent Cross-Site Scripting (XSS) Attacks
Cross-site scripting attacks (XSS) are used to steal data and hijack browsing sessions so attackers can take action on a victim’s behalf. Attackers may use this opportunity to alter web pages, post on social accounts, initiate bank transfers or make…
Penetration Testing vs. Vulnerability Testing: An Important Difference
Many cybersecurity audits now ask whether penetration testing is conducted and how vulnerabilities are detected and tracked. These questions ask IT teams to consider how frequently security is tested from the outside via penetration testing and from the inside via…
Cybercriminals Use VSCode Extensions as New Attack Vector
Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that…
13 Best Intrusion Detection and Prevention Systems (IDPS) for 2023
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) – often combined as intrusion detection and prevention (IDPS) – have long been a key part of network security defenses for detecting, tracking, and blocking threatening traffic and malware. With the…
10 Best Open-Source Vulnerability Scanners for 2023
Vulnerability assessment tools scan assets for known vulnerabilities, misconfigurations, and other flaws. These scanners then output reports for IT security and application development operations (DevOps) teams that feed prioritized tasks into ticketing and workflow systems for remediation. Open source vulnerability…
13 Best Intrusion Detection and Prevention Systems (IDPS)
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) – often combined as intrusion detection and prevention (IDPS) – have long been a key part of network security defenses for detecting, tracking, and blocking threatening traffic and malware. With the…
20 Top Cybersecurity Companies for 2023
As the demand for robust security defense grows, the market for cybersecurity technology has exploded, as have the number of available solutions. To help you navigate this growing market, we provide our recommendations for the world’s leading cybersecurity technology providers,…
ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware
CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran…
16 Best Digital Forensics Tools & Software
For everything from minor network infractions to devastating cyberattacks and data privacy troubles, digital forensics software can help clean up the mess and get to the root of what happened. Since the inception of data forensics almost forty years ago, methods…
Cybersecurity in the Metaverse Will Require New Approaches
Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S. business leaders, shows that half of…
Microsoft Patch Tuesday Fixes 11 Critical Vulnerabilities, One Zero-Day
Microsoft’s first Patch Tuesday of 2023 addresses 98 vulnerabilities, more than twice as many as last month – including one zero-day flaw that’s being actively exploited, as well as 11 critical flaws. The zero-day, CVE-2023-21674, is a Windows Advanced Local…
Researchers’ Quantum Threat Debunked, RSA Safe for Now
In a paper published late last month, 24 Chinese researchers suggested that RSA-2048 encryption could be broken using a quantum computer with 372 physical quantum bits. Cryptographer Bruce Schneier drew attention to the paper [PDF] last week in a blog…
16 Best Digital Forensics Tools & Software
The post 16 Best Digital Forensics Tools & Software appeared first on eSecurityPlanet. This article has been indexed from eSecurityPlanet Read the original article: 16 Best Digital Forensics Tools & Software
Best Fraud Management Systems & Detection Tools
The post Best Fraud Management Systems & Detection Tools appeared first on eSecurityPlanet. This article has been indexed from eSecurityPlanet Read the original article: Best Fraud Management Systems & Detection Tools
Best LastPass Alternatives: Compare Password Managers
The post Best LastPass Alternatives: Compare Password Managers appeared first on eSecurityPlanet. This article has been indexed from eSecurityPlanet Read the original article: Best LastPass Alternatives: Compare Password Managers
5 Trends in Patch Management
The post 5 Trends in Patch Management appeared first on eSecurityPlanet. This article has been indexed from eSecurityPlanet Read the original article: 5 Trends in Patch Management
Best Internet Security Software & Suites
The post Best Internet Security Software & Suites appeared first on eSecurityPlanet. This article has been indexed from eSecurityPlanet Read the original article: Best Internet Security Software & Suites
12 Top Vulnerability Management Tools for 2023
Vulnerability management tools go well beyond patch management and vulnerability scanning tools by discovering security flaws in network and cloud environments and prioritizing and applying fixes. Many IT departments struggle to stay on top of security vulnerabilities, and many don’t…
Rackspace Breach Linked to New OWASSRF Vulnerability
Rackspace has acknowledged that it was hit by the Play ransomware a month ago in an attack that compromised customers’ Microsoft Exchange accounts. The attackers apparently leveraged a zero-day vulnerability called OWASSRF that was recently analyzed by CrowdStrike. In an…
The 22 Best Vulnerability Scanner Tools for 2023
Vulnerability scans play a critical role in protecting assets from attacker exploitation by identifying missing updates, misconfigurations, and other common security issues. Originally designed to test local networks and devices, vulnerability scanning tools have evolved to encompass the modern IT…
Security Outlook 2023: Cyber Warfare Expands Threats
After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. “In 2022, governments fought wars online, businesses were…
How to Prevent SQL Injection: 5 Key Methods
Most modern websites and applications connect to databases and the databases are programmed using Structured Query Language (SQL). SQL injection (SQLi) vulnerabilities arise when websites do not adequately screen, filter, or control the queries from the website, which permits attackers…
Top 12 Cybersecurity Training Courses for Your Employees
Despite all the advances in cybersecurity tools, employees remain the weak link in organizations’ digital armor. Fortunately, cybersecurity awareness training programs have grown in both number and sophistication, giving businesses a better chance to keep a single phishing email or…
How to Decrypt Ransomware Files – And What to Do When That Fails
For any organization struck by ransomware, business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?” The good news is that ransomware files can be decrypted: Tools (paid or free) can be…
Ransomware Protection: How to Prevent Ransomware Attacks
The best way to prevent ransomware is also the best way to prevent any malware infection – to implement security best practices. Of course, if best practices were easy, no ransomware attacks would occur. All organizations, even the most prepared,…
Complete Guide to the Types of DDoS Attacks
Distributed denial-of-service (DDoS) attacks occur when attackers use a large number of devices to attempt to overwhelm a resource and deny access to that resource for legitimate use. Most commonly, we see DDoS attacks used against websites, applications, or services…
10 of the Best Patch Management Service Providers
Patch management services are becoming increasingly popular as the number of software and application vulnerabilities demanding fixes has overwhelmed IT and security teams. A major selling point of patch management services (and broader vulnerability management services) is that they reduce,…
Vulnerability Management as a Service: Top VMaaS Providers
There are 20,000 or more new software and hardware vulnerabilities every year. It falls to IT security teams to determine where those vulnerabilities lie in their organization and which ones they need to prioritize. That process can be overwhelming. Vulnerability…
ChatGPT: A Brave New World for Cybersecurity
Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not…
Researchers Warn of Exploit that Bypasses Web Application Firewalls
Team82 researchers have disclosed an attack technique that bypasses industry-leading web application firewalls (WAFs) by appending JSON syntax to SQL injection payloads. “An attacker able to bypass the traffic scanning and blocking capabilities of WAFs often has a direct line…
Patch Tuesday Fixes Actively Exploited MOTW Vulnerability
Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698, that’s being actively exploited. Regarding that flaw, Microsoft observed, “An attacker can craft…
What is Patch Management?
Patch management is the consistent and repeatable process of distributing and implementing updates to software, typically to address security and functionality issues. While difficult to get right, patch management is one of the most critical cybersecurity practices, and thus worth…
Researchers Warn of Exploit that Bypasses Web Application Firewalls
Team82 researchers have disclosed an attack technique that bypasses industry-leading web application firewalls (WAFs) by appending JSON syntax to SQL injection payloads. “An attacker able to bypass the traffic scanning and blocking capabilities of WAFs often has a direct line…
Zero-Day Flaws Found in Several Leading EDR, AV Solutions
SafeBreach Labs researcher Or Yair has uncovered zero-day vulnerabilities in several leading endpoint detection and response (EDR) and antivirus (AV) solutions that enabled him to turn the tools into potentially devastating next-generation wipers. “This wiper runs with the permissions of…
9 Best DDoS Protection Service Providers for 2023
When trying to defend your organization against DDoS attacks, one of the more potent tools in your arsenal is access to DDoS protection service providers. With DDoS protection services, your organization’s websites can stay safe through tactics like the clean…
What Is a Distributed Denial of Service (DDoS) Attack?
A distributed denial-of-service (DDoS) attack is a type of cyberattack in which multiple compromised systems are used to target a single system, usually with the goal of overwhelming its resources and making it unavailable to its users. DDoS attacks can…
What VCs See Happening in Cybersecurity in 2023
It has certainly been a rough year for the tech industry. There have been many layoffs, the IPO market has gone mostly dark, and venture funding has decelerated. Despite all this, there is one tech category that has held up…
Average Fortune 500 Company Has 476 Critical Vulnerabilities
In a recent analysis of the public and Internet-facing assets of 471 of the Fortune 500 companies, Cyberpion uncovered more than 148,000 critical vulnerabilities (exploits that are publicly available and actively targeted), with an average of 476 per company. Fully…
Building a Ransomware Resilient Architecture
A user calls into the helpdesk reporting that their system is down. Upon investigation, you discover it’s ransomware. Servers are encrypted with “.locked” file extensions on files. Ransom notes are on the desktops. No problem, just restore, right? You have…
How to Stop DDoS Attacks in Three Stages
When under siege from a distributed denial of service (DDoS) attack, systems grind to a halt and often become entirely unresponsive. To stop the attack, defenders must move quickly and navigate three broad stages: Stage I: Block the DDoS Attack:…
HP Wolf Warns of Surge in Malware Hidden in ZIP, RAR Files
Archive files are now the most common file type used to deliver malware – eclipsing Microsoft Office files for the first time – according to HP Wolf Security’s Q3 2022 Quarterly Threat Insights Report. Forty-four percent of malware was delivered…
Main Targets of Ransomware Attacks & What They Look For
Ransomware has become a potent tool for cyber criminals looking to exploit companies’ sensitive data for profit. Ransomware attacks have affected businesses across all sizes, locations, and industries, from banking and financial services to utilities to education. When trying to…
Top 6 Rootkit Threats and How to Protect Yourself
In the ever-evolving world of malware, rootkits are some of the most dangerous threats out there. A fusion of the words “root” and “kit,” rootkits are essentially software toolboxes. Though not initially developed for malicious purposes, these toolboxes have become…
Researchers Find Supply Chain Vulnerability in IBM Cloud
The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. In a dramatic flair, they named the flaw Hell’s Keychain. The security issues were reported…
How You Get Malware: 8 Ways Malware Creeps Onto Your Device
Malware can unleash devastating attacks on devices and IT systems, resulting in the theft of sensitive data and money, destruction of hardware and files, the complete collapse of networks and databases, and more. Understanding the attack paths malware uses to…
Almost Half of All Chrome Extensions Are Potentially High-Risk
In a recent study of 1,237 Chrome extensions with a minimum of 1,000 downloads, Incogni researchers found that nearly half ask for permissions that could potentially expose personally identifiable information (PII), distribute adware and malware, or even log everything users…
What is Malware? Definition, Purpose & Common Protections
Anyone who has used a computer for any significant length of time has probably at least heard of malware. Short for “malicious software,” malware is any piece of computer software designed to disrupt the regular function of a network or…
Russian Infostealer Gangs Steal 50 Million Passwords
Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. The cybercrime groups are using Raccoon and Redline malware to steal login credentials for Steam,…
Microsoft Warns of Surge in Token Theft, Bypassing MFA
The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor…
FTX Collapse Highlights the Cybersecurity Risks of Crypto
John Jay Ray III is one of the world’s top bankruptcy lawyers. He has worked on cases like Enron and Nortel. But his latest gig appears to be the most challenging. On November 11, he took the helm at FTX,…
One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data
Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority…
Sample Patch Management Policy Template
[How to use this template:] [Comments intended to guide understanding and use of this template will be enclosed in brackets “[…]” and the ‘company’ will be listed as [eSecurity Planet] throughout the document. When converting this template to a working…
Vulnerability Patching: How to Prioritize and Apply Patches
Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them. Some of those vulnerabilities will be found and fixed by vendors, who will provide…
Patch Management Policy: Steps, Benefits and a Free Template
Patching and updating devices can be a hassle and can cause business disruption. Yet, unpatched vulnerabilities provide attackers with open opportunities to cause great damage – with studies showing unpatched vulnerabilities estimated to account for 30-60% of all breaches! A…
MITRE ResilienCyCon: You Will Be Breached So Be Ready
Speakers at last week’s MITRE ResilienCyCon conference had a surprisingly candid message for attendees: You will likely be breached at some point so focus on the controls and response capabilities your organization needs to survive a cyber attack. The conference’s…
Major TTE Flaw Could Threaten Critical Infrastructure, Including Aircraft
Researchers at the University of Michigan and NASA are warning of a major flaw in the TTE (Time-Triggered Ethernet) protocol, which is used in a wide range of critical infrastructure, including spacecraft, aircraft, energy generation systems, and industrial control systems.…
AI in Cybersecurity: How It Works
There’s a never-ending battle going on between cyber defenders and attackers, and this plays out with security products too: As soon as a security vendor develops a way to mitigate the latest threat, attackers are busy finding a way around…
One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data
Public-facing cloud storage buckets are a data privacy nightmare, according to a study released today. Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority…
Major TTE Flaw Could Threaten Critical Infrastructure, Including Aircraft
Researchers at the University of Michigan and NASA are warning of a major flaw in the TTE (Time-Triggered Ethernet) protocol, which is used in a wide range of critical infrastructure, including spacecraft, aircraft, energy generation systems, and industrial control systems.…
AI in Cybersecurity: How It Works
There’s a never-ending battle going on between cyber defenders and attackers, and this plays out with security products too: As soon as a security vendor develops a way to mitigate the latest threat, attackers are busy finding a way around…
GitHub Adds New Security Features for Open Source Community
GitHub has announced new features that could improve both developers’ experience and supply chain security. The “private vulnerability” reports announced at GitHub Universe 2022 will allow open-source maintainers to receive private issues from the community. Maintainers will be able to…
Azov ‘Ransomware’ Wipes Data, Blames Security Researchers
Check Point security researchers recently described the Azov ransomware as an “effective, fast, and unfortunately unrecoverable data wiper,” noting that the malware seems far more focused on destroying data than on any effort to demand a ransom. As Check Point’s…
What is Patch Management?
Patches are lines of code that influence the behavior of an application, operating system, or platform. They are often released to correct errors in code, optimize current features, or add new features to software. Patch management is the consistent and…
ProxyNotShell Finally Gets Patched by Microsoft
Microsoft’s November 2022 Patch Tuesday includes fixes for more than 60 vulnerabilities affecting almost 40 different products, features and roles – including patches for CVE-2022-41040 and CVE-2022-41082, the ProxyNotShell flaws disclosed last month. “It took Microsoft more than two months…
MSSPs Fare Well in First MITRE Evaluations
If MITRE Engenuity’s new MSSP evaluations are any indication, managed security service providers are a little like children from Lake Wobegon: They’re all above average. Of the 15 MSSPs that participated in MITRE’s first-ever security services testing, only three failed…
How to Stop DDoS Attacks
The best way to stop a distributed denial of service (DDoS) attack will always be to be prepared for one in advance. Rushing to find solutions while dealing with an active attack makes everything so much harder. However, prepared or…
Top 6 Rootkit Threats and How to Protect Yourself
In the ever-evolving world of malware, rootkits are some of the most dangerous threats out there. Once installed, a rootkit provides a hacker with numerous tools and options with which to wreak havoc on a system and network, often while…
9 Best DDoS Protection Service Providers for 2023
Distributed denial of service (DDoS) attacks can cripple an organization, a network, or even an entire country, and they show no sign of slowing down. While there are some things security teams can do to prepare for DDoS attacks and…
REMnux: The Linux Toolkit for Reverse Engineering and Malware Analysis
REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains…
Threat Group Continuously Updates Malware to Evade Antivirus Software
Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Kaspersky revealed that APT10, also known as the Cicada hacking group, has successfully deployed the…
Versa Networks, Apiiro Show VCs Still Focused on Cybersecurity
A pair of recent $100 million funding rounds show that venture capital is still flowing into cybersecurity startups despite economic headwinds and rising interest rates. Versa Networks announced a funding round for $120 million last week, while Apiiro followed this…
How to Prevent DDoS Attacks: 5 Steps for DDoS Prevention
Distributed denial of service (DDoS) attacks seek to cripple a corporate resource such as applications, web sites, servers, and routers, which can quickly lead to steep losses for victims. However, DDoS attackers sometimes even target the specific computers (or routers)…
The History of Computer Viruses & Malware
If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Whether it’s infected emails stealing employee access credentials or…
Main Targets of Ransomware Attacks & What They Look For
Cyber crime seems to evolve and innovate as much as the tech industry it seeks to exploit. In recent times, ransomware has become an especially potent tool of cyber criminals looking to exploit companies’ sensitive data for profit. Recent innovations…
Heartbleed 2.0? OpenSSL Warns of Second-Ever Critical Security Flaw
The OpenSSL project this week announced plans to release version 3.0.7 on November 1 to patch a critical security flaw affecting versions 3.0 and later. Co-founder Mark J. Cox noted it’s only the second critical patch “since we started rating…
Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data
GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Researchers at the Leiden Institute of Advanced Computer Science have alerted security professionals about risks associated with…
Data Exfiltration: Symantec Warns of Exbyte Threat as Hive Group Leaks Tata Data
Symantec researchers are warning that a BlackByte ransomware affiliate has begun using a custom data exfiltration tool, Infostealer.Exbyte, to steal data from victims’ networks as part of their attacks. Still, as a recent breach of an Indian power company by…
What Is a Distributed Denial of Service (DDoS) Attack?
A distributed denial-of-service (DDoS) attack is a type of cyberattack in which multiple compromised systems are used to target a single system, usually with the goal of overwhelming its resources and making it unavailable to its users. DDoS attacks can…
New Version of Fodcha DDoS Botnet Adds Extortion
Back in April of this year, 360 Netlab researchers reported on a new DDoS botnet with more than 10,000 daily active bots and over 100 DDoS victims per day, dubbed Fodcha due to its command and control (C2) domain name…
Data Exfiltration: Symantec Warns of Exbyte Threat as Hive Group Leaks Tata Data
Symantec researchers are warning that a BlackByte ransomware affiliate has begun using a custom data exfiltration tool, Infostealer.Exbyte, to steal data from victims’ networks as part of their attacks. Still, as a recent breach of an Indian power company by…
What Is a Distributed Denial of Service (DDoS) Attack?
A distributed denial-of-service (DDoS) attack is a type of cyberattack in which multiple compromised systems are used to target a single system, usually with the goal of overwhelming its resources and making it unavailable to its users. DDoS attacks can…
How to Recover From a Ransomware Attack
The best way to recover from a ransomware attack is to execute a carefully practiced incident response plan. So easy to say, so difficult to do correctly. In fact, many organizations have no plan at all. Instead, they not only…
Ransomware Group Bypasses Windows 10 Warnings
A ransomware family targeting individual computer users is using a zero-day Windows bug to infect users, ANALYGENCE senior vulnerability analyst Will Dormann has found. HP Wolf Security researchers recently published a blog post on the Magniber ransomware campaign’s ability to…
Vulnerability Management as a Service: Top VMaaS Providers
There are 20,000 or more new software and hardware vulnerabilities every year, yet only a few hundred might be actively exploited. It falls to IT security teams to determine where those vulnerabilities lie in their organization and which ones they…
Time-Consuming Remediation: Assessing the Impact of Text4Shell
Security researcher Alvaro Muñoz recently warned of a critical vulnerability in versions 1.5 through 1.9 of Apache Commons Text. The flaw, dubbed “Text4Shell” and identified as CVE-2022-42889, can enable remote code execution via the StringSubstitutor API. In response, version 1.10…
What Is a Distributed Denial of Service (DDoS) Attack?
A distributed denial-of-service (DDoS) attack is a type of cyberattack in which multiple compromised systems are used to target a single system, usually with the goal of overwhelming its resources and making it unavailable to its users. DDoS attacks can…
Data Exfiltration: Symantec Warns of Exbyte Threat as Hive Group Leaks Tata Data
Symantec researchers are warning that a BlackByte ransomware affiliate has begun using a custom data exfiltration tool, Infostealer.Exbyte, to steal data from victims’ networks as part of their attacks. Still, as a recent breach of an Indian power company by…
How to Recover From a Ransomware Attack
The best way to recover from a ransomware attack is to execute a carefully practiced incident response plan. So easy to say, so difficult to do correctly. In fact, many organizations have no plan at all. Instead, they not only…
Ransomware Group Bypasses Windows 10 Warnings
A ransomware family targeting individual computer users is using a zero-day Windows bug to infect users, ANALYGENCE senior vulnerability analyst Will Dormann has found. HP Wolf Security researchers recently published a blog post on the Magniber ransomware campaign’s ability to…
Vulnerability Management as a Service: Top VMaaS Providers
There are 20,000 or more new software and hardware vulnerabilities every year, yet only a few hundred might be actively exploited. It falls to IT security teams to determine where those vulnerabilities lie in their organization and which ones they…
Time-Consuming Remediation: Assessing the Impact of Text4Shell
Security researcher Alvaro Muñoz recently warned of a critical vulnerability in versions 1.5 through 1.9 of Apache Commons Text. The flaw, dubbed “Text4Shell” and identified as CVE-2022-42889, can enable remote code execution via the StringSubstitutor API. In response, version 1.10…
What is Employee Monitoring? Full Guide to Getting It Right
Businesses have long wondered if employees are staying focused and doing their jobs. To answer this question, many in the modern age have turned to employee monitoring software. From facial recognition to surveillance cameras to time trackers or just having…
Penetration Testing Phases & Steps Explained
Organizations use penetration testing to strengthen their security. During these tests, simulated attacks are executed to identify gaps and vulnerabilities in the IT environment. But before hiring penetration testers or starting a pentesting program, any organization should be aware of…
What is Malware? Definition, Purpose & Common Protections
Anyone who has used a computer for any significant length of time has probably at least heard of malware. Short for “malicious software,” malware is any piece of computer software designed to disrupt the regular function of a network or…
Top Container Security Solutions for 2022
Containers are everywhere. Despite application containers being around for only a few years, they have already become an important building block of modern application development. But their popularity has made them a target for hackers, making container security an important area to…