Security News

As more and more networks implement Resource Public Key Infrastructure (RPKI) validation and signing of their BGP routes to protect themselves against route hijacks and leaks, what should happen if the critical RPKI goes down? ARIN plans on performing unannounced maintenance of its RPKI, sometime in July, for about thirty minutes to check if networks are adhering to BGP best practices.

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. "With every directory traversal attack the target program is required to be on the same drive as the webserver. In our case we needed the system32 folder to be on the same drive as the IIS install." This was apparently easy enough in the lab, but the blog post did not spell out whether this was how the NT4 IFE system was configured aboard the 747.

Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. SimuLand test labs "provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender, and other integrated data sources through Azure Sentinel data connectors," MSTIC Threat Researcher Roberto Rodriguez said.

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. The event may end up costing the UK train operating company as Cortes has demanded the company make good and provide the promised bonuses.

What can security leaders do to make sure they're prepared and hone their skills ahead of the next inevitable threat? Now, they can test themselves and their knowledge at a new website, The CISO Challenge. Launched by XDR provider Cynet, it aims to let information security leaders test their cybersecurity mettle.

Manual penetration testing is increasingly challenged by automated methods of vulnerability discovery and management. The reasons are not difficult to understand: the cost of manual testing is too high and its coverage too limited.

Check Your Domain Today! Use our free tool to examine your domain's DMARC, SPF, DKIM, BIMI, and MTA-STS records instantly to ensure your domain is protected from impersonation and email fraud! The first step towards improving the email security of your domain is to assess how well it is secured against security breaches, email fraud, BEC, and spoofing.

Twinkle, twinkle, little hacker How I wonder what you are Up above the world so high Like a diamond in the sky Twinkle, twinkle little hacker How I wonder what you are When the blazing sun is gone...

SmartBear has integrated TestComplete, its UI test automation tool, with BitBar, its native mobile device cloud. TestComplete users are now able to create codeless mobile tests and then use these tests in BitBar across devices.

A North Korean government-backed APT group has been caught using a fake pen-testing company and a range of sock puppet social media accounts in an escalation of a hacking campaign targeting security research professionals. The notorious hacking group, first exposed by Google earlier this year, returned on March 17th with a website for a fake penetration testing company.