Approach to mainframe penetration testing on z/OS
We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confi…
Analysis of user password strength
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
Cinterion EHS5 3G UMTS/HSPA Module Research
We performed the security analysis of a Telit Cinterion modem in the course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities.
QR code SQL injection and other vulnerabilities in a popular biometric terminal
The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it.
A journey into forgotten Null Session and MS-RPC interfaces
This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration.
Finding software flaws early in the development process provides ROI
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States rea…
Top 10 web application vulnerabilities in 2021–2023
Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience.
ResumeLooters target job search sites in extensive data heist
Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2…
Selecting the right MSSP: Guidelines for making an objective decision
This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP.