security assessment – WindowsTechs.com

Analysis of user password strength

Posted on June 18, 2024 by Alexey Antonov

Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques. Continue reading Analysis of user password strength→

Cinterion EHS5 3G UMTS/HSPA Module Research

Posted on June 13, 2024 by Kaspersky ICS CERT

We performed the security analysis of a Telit Cinterion modem in course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities. Continue reading Cinterion EHS5 3G UMTS/HSPA Module Research→

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Posted on June 11, 2024 by Georgy Kiguradze

The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it. Continue reading QR code SQL injection and other vulnerabilities in a popular biometric terminal→

A journey into forgotten Null Session and MS-RPC interfaces

Posted on May 23, 2024 by Haidar Kabibo

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration. Continue reading A journey into forgotten Null Session and MS-RPC interfaces→

Finding software flaws early in the development process provides ROI

Posted on March 29, 2024 by Help Net Security

Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States rea… Continue reading Finding software flaws early in the development process provides ROI→

Top 10 web application vulnerabilities in 2021–2023

Posted on March 12, 2024 by Oxana Andreeva, Kaspersky Security Services

Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience. Continue reading Top 10 web application vulnerabilities in 2021–2023→

ResumeLooters target job search sites in extensive data heist

Posted on February 6, 2024 by Help Net Security

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2… Continue reading ResumeLooters target job search sites in extensive data heist→

Selecting the right MSSP: Guidelines for making an objective decision

Posted on March 30, 2023 by Roman Nazarov

This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP. Continue reading Selecting the right MSSP: Guidelines for making an objective decision→

Good, Perfect, Best: how the analyst can enhance penetration testing results

Posted on February 10, 2023 by Olga Zinenko, Kaspersky Security Services

What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project? Continue reading Good, Perfect, Best: how the analyst can enhance penetration testing results→

MVSP: A minimum cybersecurity baseline to simplify vendor security assessment

Posted on October 28, 2021 by Zeljka Zorz

Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical systems and customer data. “Up until today, organizations of all sizes … Continue reading MVSP: A minimum cybersecurity baseline to simplify vendor security assessment→