Researchers develop program that helps assess encryption systems’ vulnerabilities

Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. The algorithm was also implemented i…

Lack of visibility into IT assets impacting security priorities

Axonius released a report which reveals the extremes to which the pandemic escalated lack of visibility into IT assets and how that is impacting security priorities. According to the study conducted by ESG, organizations report widening visibility gaps…

MythBusters: What pentesting is (and what it is not)

You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security assessment, analysis and a progression of simulated attacks on an application or netw…

Is an outdated library in a Windows user mode desktop application an actual security risk?

I have a Windows 10 desktop application that runs in user mode only, and this application is a local tool only — that is, it does not "talk to the internet".
As an example:
This application uses libxml2 as a DLL distributed in …

Network Penetration Testing: A Primer

Today, with the world adjusting to the new normal, preparing for cyberattacks requires stringent protective strategies. Experts predict that in 2021, a cyberattack will occur every 11 seconds (nearly twice as frequently as in 2019). Is your network pr…

What is difference & link between threat modelling and vulnerability assessment?

My understanding is that threat modelling is used at the design stage to identify the possible threats, prioritize them and help in identifying security requirements/security controls. Vulnerability assessment is done during development a…

What are the risks associate with accessing Same web application with two different URLs?

We have done a vulnerability analysis with a third-party security team. They have mentioned one point as a critical finding, but I don’t understand the risk associated with it, and the suggested remedial action is also a bit confusing.
Finding: Same web appl…