Cyber Security Awareness and Vulnerabilities Blog

Image
blog article thumbnail

Debunking Popular Myths About Pen Testing

When it comes to a security staple like penetration testing, we all have preconceived notions that make this practice seem quite challenging. The need to rotate vendors, interruptions to normal business, or even testers causing security risks are some that you often hear thrown around. But are they true? The short answer is no.
Image
Core Security blog thumbnail

How to Recover After Failing a Cybersecurity Audit

While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover? Consequences of Failing a Cybersecurity Audit Failing a cybersecurity audit can mean several things. First, there’s the up-front legal fines that come with falling on the wrong side of compliance. Here are a few illustrative examples. 
Image
Core Security blog thumbnail

5 Things You Didn’t Know About Core Impact

You may have heard that Core Security’s Core Impact is an enterprise-grade penetration testing solution that uses same tactics and techniques as real-world attacks.
Image
Core Security blog thumbnail

Best Security Practices for Digital Banking

Online banking is nearly universal in 2023. No more long lines at the credit union, late-night ATM trips, or waiting for a check to be cashed. Digital banking has revolutionized the financial industry and the way we do business as a whole. 
Image
Core Security blog thumbnail

Accelerating Security Maturity with Fortra Bundles

In The Importance of Layering Offensive Security Solutions, Fortra experts underscore the advantage of developing a single source offensive security tooling portfolio.
Image
blog article thumbnail

Cybersecurity Heats Up in the Summer

When school is out for summer, it seems like everyone is on vacation – everyone except your (un)friendly neighborhood cybercriminals. Something about the summer months puts us off our guard and threat actors on high alert. The only way to stay safe is to know what’s causing the trouble in the first place. We’ve packed our sunscreen – now read on to find out how to make sure your security also doesn’t get burned.
Image
blog article thumbnail

Standardizing Red Teaming for the Financial Sector with the TIBER EU Framework

Cyber attacks may not have been around when Ben Franklin said, “By failing to prepare, you are preparing to fail,” but it has become an appropriate cybersecurity principle, nonetheless. So what does preparation involve and how are organizations ensuring that is integrated into their security strategy?
Image
blog article thumbnail

Underestimating the Why of Ransomware

Organized ransomware isn’t slowing down – in fact, a group just discovered a month ago is already responsible for dozens of attacks – and they are experts at discovering weaknesses we miss.
Image
blog article thumbnail

Prioritizing Cybersecurity During Organizational Change

The times, they are a changin', as Bob Dylan would say. It's a time of a lot of global change, leading to dramatic shifts in different industries. Organizations have to be agile and change along with it, all while keeping cybersecurity top of mind.
Image
blog article thumbnail

Three Reasons Why Organizations Should Always Retest After an Initial Pen Test

What’s the point of establishing a baseline if you don’t intend to track your progress? When organizations only run an initial pen test, they are only getting half the picture. A pen test is used to give a business a baseline idea of how well their systems would stack up against hackers who wanted to exploit vulnerabilities. Once the results are delivered, it’s up to the team to implement those changes. And then –
Image
blog article thumbnail

Active Directory Attack Paths Discovery: Leverage the Power of BloodHound Within Core Impact

Some time ago, Core Impact added a module that supports the use BloodHound, a data analysis tool that uncovers hidden relationships within an Active Di
Image
blog article thumbnail

The Danger of Overconfidence in Cybersecurity

There’s something positive about a healthy degree of fear. It lets us understand our own limitations, heightens our senses, and keeps us alive. The tendency to err on the side of caution was called out in our recent 2023 Penetration Testing Report as a smart practice when it comes to cybersecurity. In fact, though security professionals reported less confidence in their security posture, this loss confidence is a good thing.
Image
blog article thumbnail

Upskilling and Reskilling Your IT Team With User Friendly Offensive Security Tools

 As cybersecurity needs continue to rise, it’s no secret that organizations are having to do more with less. In any given company one can find modern-day use of the old adage, “Patch it up, wear it out, make it do or do without.”  That make it do part is exactly what upskilling and reskilling is all about.
Image
Core Security blog thumbnail

The Advantages of Cybersecurity Vendor Consolidation

First there was the boom – now there’s the bust. Organizations that invested in myriad new solutions to handle the complexity of myriad security problems now have a different problem on their hands – how do you handle all of the vendors?
Image
Core Security blog thumbnail

The Role of In-House Penetration Testing

Security adviser Roger Grimes once famously wrote, "To beat hackers, you have to think like them.” Grimes explained that security professionals should step into the attackers’ shoes and seek how to break into corporate systems, discover weaknesses, and create robust security countermeasures.
Image
Digital gears

Better Together: How Pen Testing Helps Take Vulnerability Assessments to the Next Level

They don’t compete and they aren’t the same. But they are both invaluable to ferreting out and fixing problems within your security architecture. Vulnerability assessments and pen testing – contrary to popular belief – are two sides of the same coin.
Image
Core Security blog thumbnail

An IBM i Hacking Tale

So why are we talking about hacking of an IBM i? I think that's certainly not a headline we see very often, as IBM i systems have been considered un-hackable for years. Anyone who has worked on IBM i has heard some of these statements:  
Image
fta-everything-old-is-new-again-blog-300x300.jpg

Vintage Vulnerabilities: New Attacks Can Exploit Old Weaknesses

Popular entertainment would have us believe that hackers are all sophisticated attackers ready to strike the latest vulnerabilities. That is sometimes true, but it’s become increasingly apparent that whether it’s the latest zero-day bug or something that was discovered the same year Apple released the iPad, hackers are equal-opportunity offenders.    
Image
Understanding CVE Ranking

Hardware Call Stack

Lately, there has been an important increase in the relevance of valid call stacks, given that defenders have started to leverage them to detect malicious behavior. As several implementations of “Call Stack Spoofing” have come out, I decided to develop my own, called Hardware Call Stack. 
Image
how to prevent supply chain attacks

How to Prevent Supply Chain Attacks

The worst thing about supply chain attacks is that the breach is not entirely your fault. Simply by trusting in software and services provided by a third party, they open the door to attack. Attackers look for a softer target in the supplier, gaining access they hope to leverage into more significant attacks.
Image
What are Supply Chain Attacks

What is a Supply Chain Attack and How Can Organizations Defend Against Them?

Supply chain attacks were responsible for 62% of system intrusion incidents, according to Verizon’s 2022 Data Breach Investigations Report. This type of attack is one of the most effective ways to compromise organizations because it targets the weakest link in the security chain. Supply chain attacks usually begin by compromising a supply chain partner, such as a developer, distributor, or supplier.
Image
Understanding CVE Ranking

Understanding CVE Ranking and the Top CVEs

CVE stands for Common Vulnerabilities and Exposures.  The CVE program is a reference list providing an id number, description, and instance of known vulnerabilities. The system has become the standard method for classifying vulnerabilities, used by the U.S. National Vulnerability Database (NVD) and other databases around the globe.
Image
Core Impact Updates: New Version Release and Impacket

Core Impact Updates: New Version Release and Impacket

We’re ringing in the new year with the latest release of Core Impact ! Version 21.3 strengthens the connection between Core Impact and Cobalt Strike, amplifying the capabilities of both tools.
Image
Relationship Between Ransomware and Phishing

What is the Relationship Between Ransomware and Phishing?

Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed.
Image
Core Impact Adds Integrations for Frontline VM and beSECURE

A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions

In 2022, geopolitical unrest and an expanding online attack surface contributed to the emergence of several themes across the cyber landscape. Infrastructures associated with opposing ideologies were highly targeted, with government agencies, supply chains, and IOT devices falling victim to high-profile campaigns. Cybercriminals launched increasingly advanced attacks on vulnerable entities, with DDoS, ransomware, and hacking for a cause all consistently making headlines.