OWASP Top 10 2021: The most serious web application security risks

The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? “We get data from organizations that are testing vendors by trade, bug bo…

What are the risks of allowing general users to add printers to their company laptops?

I work for a company with a large user base. There is a requirement to allow users to add printers to their laptops, e.g. when working from home.
What are the security risks?
Is there a way a bad actor can use a printer to hack the laptop?
Can a …

A 3rd party supplier is asking us to install their VPN client onto our corporate machines to enable access to their environment, is this a good idea?

As per the question, what are the risks?
If we did go ahead with this and some of our users installed a supplier’s VPN client onto our corporate machines, once the connection is established can a threat actor from the supplier use that conne…

How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool

Working as security consultants is highly rewarding. Companies depend on us to view their environment from the perspective of an attacker and find vulnerabilities that could enable threats to succeed. One of the most impactful parts of our role is when we’re the first to find a major vulnerability that could lead to a widespread […]

The post How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool appeared first on Security Intelligence.


What are the risks we can foresee when our database has an outbound connection to the internet through port 25? [closed]

I was reviewing the existing architecture of our application and found that the database virtual machine opened port 25 for communicating with an email server on the internet.

What are the risks? I want to do a risk assessment of this vulnerabi…

2021 Cybersecurity: Mitigating Mobile Security Risks for CISOs

Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats….

Forter raises $300M on a $3B valuation to combat e-commerce fraud

E-commerce is on the rise, but that also means the risk, and occurrence, of e-commerce fraud is, too. Now, Forter, one of the startups building a business to tackle that malicious activity, has closed $300 million in funding — a sign both of the size of the issue, and its success in tackling it to […]
