Security News

So how do you go about getting an external penetration test? Scheduling an external pentest should be as simple as asking your managed service provider or IT consultancy, and pointing them at your perimeter systems. An external pen test is normally run on a "Black Box" basis, which means no privileged information is provided to the testers.

Google has announced more details regarding turning off support for the Google Chrome Manifest V2 extension as the company pushes more developers to transition to Manifest V3. An update from the Chrome team says that they will proceed in careful, experimental steps, ensuring a smooth end-user experience during the phase-out of Manifest V2 in June 2023. In January 2022, the Chrome Web Store stopped accepting new extensions built on Manifest V2. According to the original roll-out timeline released by Google a year ago, starting from January 2023, all extensions built on Manifest V2 would stop working on the Chrome browser.

Google's open source security team says OSS-Fuzz, its community fuzzing service, has helped fix more than 8,000 security vulnerabilities and 26,000 other bugs in open source projects since its 2016 debut. The group would like to see open source developers do more fuzzing to make the world a better place, or at least make software a bit more secure.

Offensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. The Kali Team knows the importance of practicing instead of relying on theory, and for infosecurity professionals, test labs are a way to test tools and hone their own skills in a legal environment.

CIS-CAT Lite is the free assessment tool developed by the CIS, which helps users implement secure configurations for multiple technologies. With unlimited scans available via CIS-CAT Lite, your organization can download and start implementing CIS Benchmarks in minutes.

DataDome - a seven-year-old company whose job it is to protect websites, mobile apps and APIs from online fraud and automated threats - doesn't believe the end of CAPTCHA is nigh. If anomalies indicate a bot is trying to access the site, DataDome's technology may move the session to a CAPTCHA. Even then, the signals will indicate whether it's the legitimate user or something else using DataDome CAPTCHA. "It's not only about if the CAPTCHA is solved," Fabre said.

More recently, mergers, acquisitions, and divestitures have surfaced as key use case as companies increasingly look to add or pare down their businesses against the backdrop of a volatile global economic environment, according Chaudhry, Zscaler's chairman and CEO. Speaking at the their recent Zenith Live 2022 event, Chaudhry said Zscaler's cloud-based Zero Trust Exchange platform and underlying technologies have been used in about 300 acquisitions and divestitures over the past three years to reduce the complexity and time involved in merging two networks together or breaking one apart. "I did not think of this use case when I started the company," he told The Register.

Quick show of hands: who came home from this year's RSA Conference without COVID-19? RSA Conference organizers required all attendees to show proof of vaccination or a negative test for their first entry into Moscone Center.

Microsoft is testing a new feature in the latest Windows 11 preview build that displays an Internet search box directly on the desktop. The problem is that it does not honor your default browser and only uses Bing and Microsoft Edge instead. This new feature is currently being tested with a small subset of Windows Insiders running the Windows 11 build 25120 on the 'Dev' channel.

In the heat of the moment, I've been called much worse - because I've spent countless hours attacking organizations like yours with ransomware. Are your critical backups viable and well-protected?