Cyber Security News & Current Events

Intro to Injection Vulnerabilities and the OWASP Top 10

Posted by Kristian on 9/04/19 7:15 AM
Overview

Injection vulnerabilities are the most common result of mixing user input with system control. An injection vulnerability can have catastrophic results for a system, potentially leading to a full database dump, and laying the groundwork for a remote shell. In layman's terms, this means an attacker controls the entire system and has access to all data.

Topics: Fundamentals, Pentesting, Authentication, Compromise

Security Fundamentals - Part 3: Controlling Admin Privileges

Posted by Tim on 14/12/18 12:22 PM

Part 2 explained the importance of a well-maintained and well-structured hardware and software inventory and the benefits of vulnerability management. The next step in getting on top of security basics is gaining control of the environment. This step should be easier and more efficient if the earlier steps of creating a comprehensive inventory were completed.

Topics: Insider, Fundamentals, Authentication

Bits of Entropy - The Importance of Complex Passwords

Posted by Kristian on 22/11/18 11:42 AM

Passwords are obviously required to keep your online accounts and data safe, but how strong is your password? The idea of a strong password can be hard to quantify, and most places require your passwords to meet some requirements. It's common to see "Your password must contain characters from three of the following categories" when you set your password. These requirements are in place to raise the entropy of a password and make it much harder for an attacker to guess it.

 

Topics: Fundamentals, Authentication

Why multi-factor authentication is worthwhile

Posted by Nat on 19/09/17 11:15 AM

Multi-factor, or two-factor, authentication (MFA, 2FA) has seen increasing adoption and public awareness. What is it? What benefits does it provide? Is it really worth all that hassle? And how can I justify the time spent implementing and maintaining an MFA solution?

Topics: Authentication, Phishing

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|
