The Log4j debacle showed again that public disclosure of 0-days only helps attackers

On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on fire and sent companies scrambling to mitigate, patch and then patch again as …

Druva introduces curated recovery technology for accelerated ransomware recovery

Druva introduced a curated recovery technology, leveraging intelligent automation, for accelerated ransomware recovery. Adding to Druva’s Accelerated Ransomware Recovery module, Druva Curated Recovery mitigates the impact of a ransomware attack, buildi…

Why cybersecurity products always defy traditional user reviews

I read with interest the latest batch of evaluation data from MITRE on various endpoint solutions, this time focusing on the detection, response and containment of these various solutions against malware created by FIN7 and CARBANAK threat groups. While a…

How much is a vulnerability worth?

As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000. Such figures make great headlines and attract new talent in search of the big bucks, but here is a question that begs to be ans…

Can automated penetration testing replace humans?

In the past few years, the use of automation in many spheres of cybersecurity has increased dramatically, but penetration testing has remained stubbornly immune to it. While crowdsourced security has evolved as an alternative to penetration testing in …

Crowdsourced pentesting is not without its issues

Crowdsourced security isn’t new anymore, having existed in one form or another as a consumable enterprise service since 2013 with the launch of the main crowdsourced platforms (HackerOne, Bugcrowd and Synack). Slowly but surely, these platforms challen…