91 matches found
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-nio prior to version 0.19 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certain...
What Is Your Security Team Profile? Prevention, Detection, or Risk Management
Not all security teams are born equal. Each organization has a different objective. In cybersecurity, adopting a proactive approach is not just a buzzword. It actually is what makes the difference between staying behind attackers and getting ahead of them. And the solutions to do that do exist!...
Hive Pro Welcomes Pierre Noel as New Chief Information Security Officer
New CISO to Support Growth Milpitas, California, July 28, 2022 -- Hive Pro, a cyber security company specializing in Cyber Threat Exposure Management, has appointed Pierre Noel as its new Chief Information Security Officer CISO. He has been hired with the vision of supporting growth in the compan...
4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of th...
Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test
In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.1 In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focus...
AWS-Threat-Simulation-and-Detection - Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic
This repository is a documentation of my adventures with Stratus Red Team - a tool for adversary emulation for the cloud. Stratus Red Team is "Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the...
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and...
Log4j Bringing You Down? Try Infection Monkey’s New Log4Shell Attack Simulation
What if you could see how a real cyberattack might unfold in your network? Imagine the insights you would gain into your security posture if you could safely and easily simulate the behavior of malicious actors before they hit your defenses. That’s what the Infection Monkey does...
How Extended Security Posture Management Optimizes Your Security Stack
As a CISO, one of the most challenging questions to answer is "How well are we protected right now?" Between the acceleration of hackers' offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated...
Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365
Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...
Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365
Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...
Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools
What is API? API is the abbreviation for Application Programming Interface, which is a product middle person that permits two applications to converse with one another. Useful link: Api security tutorial for beginners and professionals What Is API Testing: Benefits, Types, How To Start OpenAPI...
My thoughts on the “2021 Gartner Market Guide for Vulnerability Assessment”. What about the quality?
The Gartner Vulnerability Management Reports are one of the few marketing reports that I try to read regularly. This started back in the days when I was working for a VM vendor doing competitive analysis. Gartner is one of the few organizations that think about Vulnerability Assessment and...
Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation
In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is a toolkit for defensive blue-team research and threat mitigation, providing a platform for testing and analyzing vulnerabilities in a controlled environment. The repository contains a variety of vulnerable...
Microsoft unifies SIEM and XDR to help stop advanced attacks
For all of us in security, the last twelve months have been an incredible series of challenges—from balancing remote work with family priorities, to helping build resilient businesses, and protecting against the latest attacks. 2020 showed us that while we have made great progress, there is still...
Red Team — Automation or Simulation?
What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, t...
How to detect and mitigate phishing risks with Microsoft and Terranova Security
Detect, assess, and remediate phishing risks across your organization A successful phishing attack requires just one person to take the bait. That’s why so many organizations fall victim to these cyber threats. To reduce this human risk, you need a combination of smart technology and people-centr...
UPDATE: Infection Monkey 1.9.0
Infection Monkey 1.9.0, the open source breach and attack simulation tool was released a few hours ago - just in time for BlackHat/DefCon 2020. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. Updates include an expanded list of MITRE ATT&CK...
nccfsas
Introduction This repo...