Cyber Security Awareness and Vulnerabilities Blog

cs-what-is-rubber-stamping-resize.png

Bulk approvals of requests to have access to any of the various systems and assets quickly becomes a security concern. In order to avoid giving into the temptation to rush approvals of these requests without adequate review, organizations must first understand the damage that can result from overusing approvals, why it happens, and how this can be prevented.

Read More

cs-dark-web-blog-resize 2.jpg

Even as its top marketplace, Dream Market, prepares to close its doors, the dark web continues to thrive. In fact, Darkode, one of the most well-known hacking forums and black markets, has recently reopened. And what are some of the most common wares…

Read More

Why you need IGA2.png

Demands on organizations continue to intensify – the precarious balance of requests for more access with the need to be more secure is difficult to maintain. Additionally, all of this is to be achieved faster, with fewer resources. It is more important than…

Read More

5 Phases of Pen Testing resize.png

Through penetration testing, you can proactively identify the most exploitable security weaknesses before someone else does. However, there’s a lot more to it than the actual act of infiltration. Pen testing is a thorough, well thought out project that consists of several phases.…

Read More

Teaching Old Malware New Tricks 2.png

Learn how Mirai works, what its newest features are, and how you can protect your organization from this destructive malware strain. 

Read More

The Internet of Things (IoT) stands to have a tremendous impact on business – and life – as we know it. Gartner estimates that by 2020 the IoT will grow to 26 billion units installed, and IoT product and service suppliers will generate…

Read More

Advanced Persistent Threats (APTs) are a cybercrime category directed at business and political targets. APTs require a high degree of stealth over a prolonged duration of operation in order to be successful. The attack objectives typically extend beyond immediate financial gain, and compromised…

Read More

In a previous blog post, I described how I bypassed the patch for the first fix for CVE-2018-15422. That bypass was also discovered by other researchers as well. You can check that out in Cisco’s updated advisory. Now, WebExec was the name given to…

Read More

What is Penetration Testing? Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can…

Read More

As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A…

Read More