Server-side request forgery, aka SSRF, is a vulnerability that enables an attacker to use a vulnerable server as a proxy to make HTTP requests on the attacker's behalf. SSRF is regularly used to target internal services that sit behind a firewall and are not directly exposed to the public.
The security world is changing rapidly and we are slowly reaching another huge milestone. Not a very happy one though: manual security operations are no longer sufficient. This is a little bit painful to admit but the fact remains: if you rely on the manual labour of CTOs, CISOs and their teams to react to an incident, then you are in for a very rude awakening.
“Blues” like to work with protecting infrastructure and business cases they might have never seen before. “Red” penetration testers enjoy getting their teeth into new frameworks and boy do they enjoy trying social engineering on young ambitious people (probably too much as well). It was a great pleasure to have Ronald Hindriks, Co-founder and Ops leader of Jobbatical, join me for a fireside chat about security and start-up challenges.
There is a wide range of offerings in the field of SIEMs. Most of them do not come cheap, and the Internet is filled with horror stories of SIEM projects that started off on the wrong foot. The topic itself can be overwhelming. Which solution to choose, and what to log?
As information security risks are becoming more apparent to companies, many have started dedicating more time to fighting them. But no amount of money spent on firewalls, anti-virus, cloud security etc. can demonstrate this dedication to your customers.
“We got hacked” is a sentence that a cyber security provider should never have to say if it wants to stay in business… but here is our story!
Cybersecurity-related scary stories bring out all the myths and beliefs you, as a manager, have about IT and security. We would like to address some common ones and try to dispel them for good.
If you remember Edward Snowden, then you probably remember him revealing that Cisco and a few others were regularly putting backdoors into their routers and firewalls. Well, there is yet another firewall and infrastructure device vendor that was recently discovered doing the same: Zyxel.
Earlier today, one of Estonia’s leading media portals, Äripäev/Деловые ведомости (part of Bonnier Group), got hit by a malicious DDoS (Distributed Denial of Service) attack. Unfortunately, we see more and more of these attacks, and there is little that can be done to prevent them. We have asked our colleague Vladimir Jelov to share some insights and tips in not-so-technical terms. As of the time of writing, Cybers' comments are based on publicly available information.
MCF Group improves the data centre team’s security awareness with a dedicated cybersecurity hygiene training
The elephant in the room is the Schrems II ruling, which effectively invalidated the Privacy Shield between the EU and the USA. That in turn led to a situation where US-based companies, which can be forced by their authorities to provide access to customer data, are in breach of the European General Data Protection Regulation (GDPR).
For a long time, a good password policy has had 3 key factors: strong passwords, periodic change of passwords, and activation of Multifactor Authentication. Nowadays the value of periodic password change is questionable, and many organizations, like NIST and Microsoft, find it obsolete and worthless.
Following this year’s cybersecurity summit, we ran a small poll with our speakers to squeeze a few more drops of wisdom out of them. We were half-expecting everyone to be saying the same things, but to our surprise there was a huge variety of thoughts.
Planning an international conference with tens of speakers and hundreds of guests is difficult. Planning one in a world with a deadly pandemic raging outside makes it even more… challenging. Here is how it went for us, and some tips along the way.
A Security Operations Centre is a great concept but also notoriously difficult to implement. In this article we begin unwrapping the complexity of a SOC, starting with technology. Spoiler: technology is the easy step.
It’s official: there is less than a month left until 2020 Security Summit. If you still haven’t secured your ticket – here are 10 reasons why you should. There are, of course, more than 10 but we wanted to keep the list short. Also, a gift of cyber security conference attendance is great for karma.
Before we get into the nitty-gritty of running a Security Operations Center (SOC) or sourcing one (SOCaaS), it’s important to understand why organizations may need one, and why now. Your CFO, or whoever controls the money, will raise that question before anything else.
During the last weeks of the emergency situation due to COVID-19, Estonia, like all other countries, is experiencing a significant impact on its population’s daily lifestyle, schedule, and routines.