Security News

Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they're exploited
2022-10-26 14:46

Traditional security operations teams are not equipped to proactively monitor web applications for vulnerabilities and ensure that standardized web application security practices are consistently followed. Outpost24's Pentesting-as-a-Service is a hybrid service that helps organizations continuously monitor their web applications for vulnerabilities.

How adversaries are leveraging pentesting tools to launch attacks
2022-07-19 04:30

In this Help Net Security video, Tony Lambert, Senior Malware Analyst at Red Canary, talks about how adversaries’ favorite tools are legitimate tools that are used for malicious purposes. The post...

State of Pentesting 2022 report: Interactive event and open discussion
2022-04-19 01:00

In The State of Pentesting 2022 Report, Cobalt studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals. The report focuses on issues and stats relevant to both the security and development teams.

XMGoat: Open-source pentesting tool for Azure
2021-12-08 06:30

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within the Azure environment. Misconfigurations within Azure environments are common.

Report: The ROI of Modern Pentesting 2021
2021-11-18 03:45

Does your pentesting program bring enough value? Find out in this exclusive in-depth report comparing Pentest as a Service vs. traditional consulting engagements and check out our ROI calculator to learn how PtaaS can double your pentesting impact. Pentests, whether done with traditional consulting firms or up-and-coming PtaaS providers, have become a critical component across all security programs.

FIN7 tries to trick pentesters into launching ransomware attacks
2021-10-21 16:24

The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. The Gemini researchers found that FIN7 was offering between $800 and $1,200 per month to recruit C++, PHP, and Python programmers, Windows system administrators, and reverse engineering specialists by following tips from an unnamed source.

Week in review: ProxyShell and Realtek SDK vulnerabilities exploitation, automated pentesting
2021-08-29 08:00

Realtek SDK vulnerability exploitation attempts detected: Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices. ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware: Three so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned.

Why automated pentesting won’t fix the cybersecurity skills gap
2021-08-23 06:00

The security talent gap is not getting any smaller and people are coming up with some outlandish ideas for closing it. We should automate as much as we can, but relying only on automated security testing of your systems and networks will not protect your enterprise.

Report: The State of Pentesting 2021
2021-08-09 02:00

In The State of Pentesting 2021 report we dive into data from 1,602 pentests performed in 2020 on Cobalt's Pentest as a Service platform. We also survey 601 security practitioners, who are not Cobalt customers, to validate our findings.

UK's Ministry of Defence coughs up bug bounties for crowdsourced pentesting
2021-08-03 14:20

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed web-accessible systems for vulnerabilities, according to a cheery missive from HackerOne. A month-long "Hacker security test" culminated in a couple of dozen folk being handed unspecified rewards - and marking the first public confirmation of HackerOne's UK government partnership.