Rakshit Singh | Sr. Offensive Security Consultant No exploit code. No zero-day. No root access. Just plain English and a castle. Environment AWS Bedrock AgentCore | OS: Debian GNU/Linux 12 (Bookworm) | Runtime: Python 3.12 There is a class of attack that does not appear in most threat models for AI systems. It does not […]
Both static application security testing (SAST) and dynamic application security testing (DAST) are methodologies used to test the security of application environments. DAST is a black-box security testing method that tests applications from the outside-in. SAST is a white-box security testing method that tests applications from the inside-out. So, when cyber analysts are using SAST, […]
Mobile applications find many uses in the retail, finance, and health sectors. They’re always just one tap away, and they can include device-specific functionality, which web applications don’t have. One thing which they have in common with web apps, though, is a need to be very careful about their security. Penetration testing for mobile apps is […]
Most businesses are aware of the threats posed by external hackers or malicious actors to their business. Thousands—if not millions—of dollars are spent annually by these businesses to safeguard their network against unauthorized external access. However, most businesses do not invest as much effort or resources to guard against insider threats to their business. Insider […]
Everyone claims to have network security in place. This doesn’t mean that everyone has network security that works. Unverified, untested cybersecurity is better than none at all, but it isn’t enough. Many businesses are stuck in a system of protection that no longer works, if it ever did. Verizon’s 2018 Data Breach Investigations Report suggests that the […]
2018 was a more expensive year for businesses that were victims of cyber-attacks compared to the previous years. Hackers and other malicious actors adopted innovative strategies for penetrating business networks and remaining undetected for longer periods. The 2018 cost of a data breach study conducted by the Ponemon Institute showed that there was a 2.2 percent increase […]
Many companies regard API security issues as events that only happen to large businesses (250+ employees) like T-Mobile, and McDonalds. It’s true: cyberattacks are most frequently targeted toward companies that possess expansive quantities of data that can be stolen by using the least amount of effort. Even though corporations of that size manage to glide […]
Last week, it was revealed that the Starwood guest reservation system had been hacked, affecting 500 million guests. The Starwood chain is a subsidiary of Marriott International, and they are picking up the pieces of the breach, which dates back to 2014. Personal information of the 500 million guests have been compromised, including names, email […]
On October 25th, I was contacted via LinkedIn Messenger by a new connection I had added five days earlier. The message was pertaining to a potential business opportunity. By reading the text and looking at the compensation offered to sit on a board of directors, I had already noticed something wrong; the compensation didn’t make […]
It’s difficult to know what is real and what is fake in the cyber world because most computer users are ignorant of ever-evolving threats. It’s not their fault because professional cybercriminals can mask their viruses, like Trojans. The XMRig CPU Miner is a Trojan Horse that many unsuspecting users install. It hijacks the user’s computer […]