Introduction I've been writing cybersecurity articles for many years, and in that time, I have only seen increasingly complex security threats. Cybercriminals take their craft seriously. They treat cybercrime as a business, looking for ways to maximize profit while seeking innovative methods to circumvent our efforts to protect our businesses. The figures speak for themselves. […]
The post Reactive vs. proactive security: Three benefits of a proactive cybersecurity strategy appeared first on Infosec Resources.
Introduction Building and maintaining a brand is an important part of a successful business. Having a recognized brand confers recognition, and if done well, provides a way of developing trust between customers and company. Brand trust and loyalty go hand-in-hand. Research has shown that 80% of US customers look at the trustworthiness of a brand […]
The post Brand impersonation attacks targeting SMB organizations appeared first on Infosec Resources.
Introduction The Verizon Data Breach Investigations Report, or the Verizon Data Breach Report, is an annual report intended for information security professionals. It summarizes 3,950 confirmed data breaches and is a collection of work from 81 contributors spanning 81 countries and has grown more than a little bit since last year's twelfth edition. Navigating this […]
The post 2020 Verizon Data Breach Investigations Report: Summary and key findings for security professionals appeared first on Infosec Resources.
Introduction Different regulations and laws will slap organizations with fines and penalties for data breaches. This is because the organization did not take the privacy of their data seriously. However, the authorities take this responsibility very seriously and will not hesitate to punish with fines and penalties that are sometimes in the hundreds of millions […]
The post Cost of non-compliance: 8 largest data breach fines and penalties appeared first on Infosec Resources.
Introduction Organizations are increasingly integrating microservices into their software development processes. As noted by DZone, microservices break down software into multiple component services, thereby enabling organizations to deploy parts of an application without compromising the integrity of the entire program. This property also allows developers to address a microservice that starts acting up. The other […]
The post Implementing a zero-trust model: The key to securing microservices appeared first on Infosec Resources.
Introduction Open-source software helped to revolutionize the way that applications are built by professionals and enthusiasts alike. Being able to borrow a non-proprietary library to quickly prototype and build an application not only accelerates progress in projects, but also makes things easier to work with. Open-source libraries when creating applications is not the only positive […]
The post Open-source application security flaws: What you should know and how to spot them appeared first on Infosec Resources.
Multi-factor authentication (MFA) is one of the most popular authentication security solutions available to organizations today. It really comes as no surprise, as the multi-factor authentication benefits of enhanced security go beyond the basic password security measures by forcing the user to authenticate with another method that (presumably) only the legitimate user has access to. […]
The post How to avoid getting locked out of your own account with multi-factor authentication appeared first on Infosec Resources.
The growing world of IoT – and security concerns The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and continues to expand at a healthy pace. Telecommunications giant Ericsson estimates the number of IoT connections to grow from 10.8 billion in 2019 to 24.9 […]
The post Japan's IoT scanning project looks for vulnerable IoT devices appeared first on Infosec Resources.
Introduction A domain name is an important part of the reconnaissance process during a security assessment or even for many bug bounty challenges. In this article, we'll look at how a domain can be classified. Within this context, two scenarios of how to take advantage of domain misconfigurations will be analyzed. Finally, we'll discuss building […]
The post How to create a subdomain enumeration toolkit appeared first on Infosec Resources.
Introduction Confidentiality is a fundamental information security principle. According to ISO 27001, it is defined as ensuring that information is not made available or disclosed to unauthorized individuals, entities or processes. There are several security controls designed specifically to enforce confidentiality requirements, but one of the oldest and best known is the use of passwords. […]
The post How to find weak passwords in your organization's Active Directory appeared first on Infosec Resources.
Introduction CAPTCHA seems to be everywhere we look. These sloppy characters are on blogs, ticket websites, shopping portals – you name it. Those cars you need to spot in a block of images before you can access a website? That's CAPTCHA too. CAPTCHA was invented to help sites distinguish human users from bots and automated […]
The post How hackers use CAPTCHA to evade automated detection appeared first on Infosec Resources.
Introduction Whether your organization is tired of being held back by the cybersecurity workforce skills gap or your management team has watched the worst that a cyberattack could do to a peer organization, the time has come to do something about it. One of the best decisions your organization can make is to explore how […]
The post How to pick the best cyber range for your cybersecurity training needs and budget appeared first on Infosec Resources.
Introduction If you're sending instant messages at work, chances are you're using Slack, the business-oriented analog of WhatsApp or Discord. Slack currently boasts over 12 million users worldwide, and as more businesses turn to remote or hybrid work environments, that number is only expected to grow. But Slack's popularity raises a very important question: exactly […]
The post Monitoring business communication tools like Slack for data infiltration risks appeared first on Infosec Resources.
Introduction There is a myth that good security solutions are necessarily expensive, but the truth is that there are many options, not only at low cost, but even excellent free tools that can be employed to protect most businesses. A good example of this is OWASP's list of free for Open Source Application Security Tools, […]
The post Are open-source security tools secure? Weighing the pros and cons appeared first on Infosec Resources.
Introduction In modern networks, security is not an afterthought. You need to know how to build secure networks from the outset. Security has to be woven into the very fabric of the network. The 200-301 CCNA exam covers security fundamentals among a broad range of networking topics. This article describes what you need to know […]
The post CCNA certification prep: Security fundamentals appeared first on Infosec Resources.
Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification […]
The post Average CCNP salary 2020 appeared first on Infosec Resources.
Introduction To understand Network Security, it's imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and fundamentals to get started with Network Security. We cannot cover whole networking in a single post so we will be focusing only on core networking concepts needed for network […]
The post Networking fundamentals (for Network security professionals) appeared first on Infosec Resources.
Introduction Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provided by wireless networks, we use wireless networks widely for connecting to the internet. We connect to the internet wirelessly either by router or using […]
The post Wireless Networks and Security appeared first on Infosec Resources.
Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how Format Strings can be used in an unusual way, which is a starting point to understanding Format String exploits. Next, we will understand what kind of mistakes […]
The post Format String Vulnerabilities: Use and Definitions appeared first on Infosec Resources.
Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be exploited. In this article, we will begin by solving a simple challenge to leak a secret from memory. In the next article, we will discuss another example, where […]
The post How to exploit Format String Vulnerabilities appeared first on Infosec Resources.