Server-side Request Forgery – Open door to Your internal services

Server-side request forgery, aka SSRF, is a vulnerability that enables an attacker to use a vulnerable server as a proxy to make HTTP requests on the attacker's behalf. SSRF is regularly used to target internal services that are behind a firewall and not exposed to the public directly.

If you are using ZyXEL, better patch and pray…

If you remember Edward Snowden, then you may remember him revealing that Cisco and a few others were regularly putting backdoors into their routers and firewalls. Well, there is yet another firewall and infrastructure device vendor which was recently discovered to do the same: Zyxel.

Äripäev DDoS attack – our initial comments and tips

Earlier today, one of Estonia’s leading media portals, Äripäev/Деловые ведомости (part of Bonnier Group), got hit by a malicious DDoS (Distributed Denial of Service) attack. Unfortunately, we see more and more of these attacks and there is little which can be done to prevent them. We have asked our colleague, Vladimir Jelov, to share some insights and tips in not-so-technical terms. As of the time of writing, Cybers' comments are based on publicly available information.

MCF Group improves the data centre team’s security awareness with a dedicated cybersecurity hygiene training

The elephant in the room being the Schrems II ruling, which effectively invalidated the Privacy Shield between the EU and the USA. That in turn led to a situation where US-based companies that are forced to provide access to customer data, even by authorities, are in breach of the European General Data Protection Regulation (GDPR).

Periodic password change – an extra layer of security or just a burden to your employees?

For a long time, a good password policy has had 3 key factors: strong passwords, periodic change of passwords, and activation of Multifactor Authentication. Nowadays the value of periodic password change is questionable and many organizations, like NIST and Microsoft, find this obsolete and worthless.

10 fresh tips from Security Summit: Your Cybersecurity 2021

Following this year’s cybersecurity summit, we’ve run a small poll with our speakers to squeeze a few more drops of wisdom out of them. We were half-expecting everyone to be saying the same things, but to our surprise there was a huge variety of thoughts.

How to organize a security conference in COVID times

Planning an international conference with tens of speakers and hundreds of guests is difficult. Planning one in a world with a deadly pandemic raging outside makes it even more… challenging. Here is how it went for us and some tips along the way.

Quick dive into the technology behind your SOC

A Security Operations Centre is a great concept but also notoriously difficult to implement. In this article we begin unwrapping the complexity of SOC, starting with technology. Spoiler: Technology is an easy step.

10 Reasons For Taking Part In The Security Summit

It’s official: there is less than a month left until the 2020 Security Summit. If you still haven’t secured your ticket, here are 10 reasons why you should. There are, of course, more than 10, but we wanted to keep the list short. Also, a gift of cyber security conference attendance is great for karma.

How to cure your cyber security pain with a SOC?

Before we get into the nitty-gritty of running a Security Operations Center (SOC) or sourcing one (SOCaaS), it’s important to understand why organizations may need one and why now. Also, your CFO or whoever controls the money will raise that question before anything else.

Cybersecurity hygiene and COVID19 consequences for your business

During the last weeks of the emergency situation due to COVID19, Estonia, as well as all other countries, is experiencing a significant impact on its population’s daily lifestyle, schedule, and routines.