Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace

Let's be honest: if you're one of the first or the first security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You're not running a security department. You are THE security department. You're...

F5 BIG-IP Next Central Manager Man-in-the-Middle Attack Vulnerability (CNVD-2024-22213)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A man-in-the-middle attack vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to...

F5 BIG-IP Next Central Manager 信任管理问题漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A man-in-the-middle attack vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to...

F5 BIG-IP Access Control Error Vulnerability (CNVD-2023-75601)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. An access control error vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cross the...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. An access control error vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cross the...

Campari Site Suffers Ransomware Hangover

Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...

Sandbox in security: what is it, and how it relates to malware

To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...

SNIcat - Server Name Indication Concatenator

SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication , a TLS Client Hello Extension. The tool consists of an agent which resides on the compromised internal host, and a Command &Control Server which controls the agent and...

Fact vs. Fiction: 10 Endpoint Security Myths Debunked

Simply defined, endpoint security protects desktops, laptops, servers, and fixed-function devices from malicious internal and external threats. Endpoint security combines various threat detection, response and prevention technologies to help organizations disrupt cyberattacks. Despite the clear-c...

6 Best Practices to Fight a New Breed of Insider Threats

The current global pandemic has disrupted how organizations work. Some businesses quickly adapt while other organizations are still figuring out the new landscape. Unfortunately, criminals are exploiting vulnerabilities during this challenging time. There has been an 238% increase in cyberattacks...

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly doubl...

Traditional perimeter-based network defense is obsolete—transform to a Zero Trust model

Digital transformation has made the traditional perimeter-based network defense obsolete. Your employees and partners expect to be able to collaborate and access organizational resources from anywhere, on virtually any device, without impacting their productivity. Customers expect personalized...

CISO series: Secure your privileged administrative accounts with a phased roadmap

In my role, I often meet with CISOs and security architects who are updating their security strategy to meet the challenges of continuously evolving attacker techniques and cloud platforms. A frequent topic is prioritizing security for their highest value assets, both the assets that have the mos...