Collaborate Disseminate
Our employees use few SaaS collaboration applications (e.g project management). I was wondering what controls we should controls on the vendor we should put?
Example: Asana is a web and mobile application designed to help teams organize,… Continue reading How to secure our organization when our employees using different collaboration SaaS services? [closed]
What are the existing types of vulnerabilities that could result in exploits that do not require user interaction (e.g. zero-click)? I’m trying to understand the type of zero-click attack type for us to plan proper mitigation in code.
What controls should we put in our code to protect our application from zero-click attacks?
If AV auto-scan will detect and prevent the malware from executing why there is a need to enable schedule/full scans?
I’m asking because a full scan can create sometimes overhead on the machine and network, so I’m trying to understand th… Continue reading What are the benefits of enabling antivirus full scanning?
With the Coronavirus happening, employees use remote access to work remotely from not organizational laptop access to their VDI or remote access machine via company’s web portal (e.g. SSL Portal VPN). I was wondering if the laptop is infec… Continue reading What are some of malware-based MITM attacks that can compromise the organization when working remotely?
Cognitive hacking some say is a new type of hacking field and some say it is something that been there for many years. Exploring the chapters of WIKI and using projects like MisinfoSec, got me confused about the differences b… Continue reading Should we consider Deepfakes and fakenews as disinformation or misinformation? [closed]
I am posting sometimes photos of things I find nice on social media. I’m trying to understand if hackers can retrieve my fingerprints from the photo? if so, how they might abuse it?
Continue reading Can hackers retrieve my fingerprints from a photo published on social media?
In the case of social engineering attack vector is an email sent with a malicious attachment like XSL file, I am not really understanding where we will need Sandbox solution if we can just use CDR (content disarm and reconstr… Continue reading If we integrate CDR in our email solution, do we really need Sandbox as well?
I can read many different attack vectors like swapping and porting but not sure if all those attacks are relevant about eSIM, can you please explain what are a security risk and attack vectors that will target eSIM?
One of the presentations in Blackhat 2019 was about EPSS (Exploit Prediction Scoring System). It seems like a good idea but still not sure if we should drop the current process, and adopt this one. Should we drop the correct … Continue reading CVSS or EPSS? Confused which of them we should use [closed]