Collaborate Disseminate
I wonder why certification (common criteria and stuff like that) of security critical hardware that is meant to be used in datacenters (e.g. link encryptors) includes some tests related to TEMPEST attacks.
It seems to me that the actual te… Continue reading Why does certification for datacenter equipment test for TEMPEST?
I am researching articles about McAfee and the list of products against Mitre Att&ck. I am performing an assessment on whether they are able to perform the detection and prevention against each techniques covered in Mitre Att&ck. … Continue reading McAfee Security Control against Mitre Att&ck
I encounter a scenario which the attacker create a .jpg file containing javascript code
and after uploading, the script will be executed on the browser while the .jpg file is displaying.
I configured all xss prevention settings on fortiweb… Continue reading Prevent XXS through file using WAF?
The digital threat landscape as a whole is constantly changing and evolving. That can make it difficult to keep track of new developments for specific threats like ransomware. Don’t worry though, Cybereason has got you covered.
The post Five Thing… Continue reading Five Things You Need to Know About Ransomware Attacks
The long-awaited 2020 MITRE ATT&CK evaluations are out! With the MITRE ATT&CK framework now being the standard by which Defenders can measure the effectiveness of various solutions in tracking adversary behavior, cyber vendors are cherry-p… Continue reading MITRE ATT&CK: Cybereason Dominates the Competition
To paraphrase an old saying: “One person’s prevention is another person’s protection.” This may well apply to the wearing of masks during the pandemic, the efficacy of which is still being hotly debated by some. Having gone through various iterations, … Continue reading Cybersecurity Lessons from the Pandemic: Protection
I’m going to be searching within byte range 90,000 – 99,999, explicitly for executables. Each found will be executed on the same system before the next jump. If execution is successful, the file will be retained for further inspection at a… Continue reading Which security measures would be helpful for running executables from a mathematically-safe range? Do I need to take any?
Security researchers attributed a spike in Snake ransomware activity to a new campaign that’s targeted organizations worldwide. Snake ransomware first attracted the attention of malware analysts in January 2020 when they observed the crypto-malwa… Continue reading Spike in Snake Ransomware Activity Attributed to New Campaign
I know they say CSRF tokens are the most secure way to prevent CSRF attacks but what if someone uses XHR to retrieve the page containing the csrf token along with the form and then use that token for his attacks?
Why they don’t say “Refer… Continue reading Retrieving CSRF token from third party website form using XHR (JavaScript)
Security researchers spotted a new ransomware strain called “Ransomwared” demanding explicit pictures from its victims as a means of payment. Upon successful infection, Ransomwared runs its encryption routine, appending the file extensions … Continue reading ‘Ransomwared’ Ransomware Strain Demands Explicit Pictures as Payment