Security News
In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. Asking a 'CREST member company' to carry out a pen-test does not guarantee that the consultant performing your test is certified themselves - merely that the company is morally obliged to provide you with a suitable tester.
Traditional security operations teams are not equipped to proactively monitor web applications for vulnerabilities and ensure that standardized web application security practices are consistently followed. Outpost24's Pentesting-as-a-Service is a hybrid service that helps organizations continuously monitor their web applications for vulnerabilities.
In this Help Net Security video, Tony Lambert, Senior Malware Analyst at Red Canary, talks about how adversaries’ favorite tools are legitimate tools that are used for malicious purposes.
In The State of Pentesting 2022 Report, Cobalt studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals. The report focuses on issues and stats relevant to both the security and development teams.
XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within the Azure environment. Misconfigurations within Azure environments are common.
Does your pentesting program bring enough value? Find out in this exclusive in-depth report comparing Pentest as a Service vs. traditional consulting engagements and check out our ROI calculator to learn how PtaaS can double your pentesting impact. Pentests, whether done with traditional consulting firms or up-and-coming PtaaS providers, have become a critical component across all security programs.
The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. The Gemini researchers found that FIN7 was offering between $800 and $1,200 per month to recruit C++, PHP, and Python programmers, Windows system administrators, and reverse engineering specialists by following tips from an unnamed source.
Realtek SDK vulnerability exploitation attempts detected
Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices.
ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
Three so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned.
The security talent gap is not getting any smaller and people are coming up with some outlandish ideas for closing it. We should automate as much as we can, but relying only on automated security testing of your systems and networks will not protect your enterprise.
In The State of Pentesting 2021 report we dive into data from 1,602 pentests performed in 2020 on Cobalt's Pentest as a Service platform. We also survey 601 security practitioners, who are not Cobalt customers, to validate our findings.