From Compliance to Confidence: Achieving CMMC 2.0 Certification
For many contractors, navigating the complexities of CMMC compliance presents significant challenges. The Cybersecurity Maturity Model Certification (...
Continuous Ransomware Validation: Why Annual Testing Is No Longer Enough
Ransomware isn’t just a security issue; it’s a business problem that’s grown too big to ignore. What started as floppy-disk attacks back in the 1980s ...
What is BAS 2.0 and Why You Need It
In a fast-evolving threat landscape, traditional Breach and Attack Simulation (BAS) tools are limited. Built based on predefined scenarios, they’re gr...
How to Prioritize Vulnerabilities Effectively
There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. How is that? Well, if you were the a...
How DTCC Upgraded their SOC into a Cyber Threat Fusion Center
By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC
Based on a session given at PenteraCon 2024
When the speed and complexity...
Forti-fied? Logging blind spot revealed in FortiClient VPN
Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...
What’s Behind the Rising Costs of Data Breaches?
Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...
Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN
Introduction
Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...
APT Attacks: The Sith Lords of the Cyber World
Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...
Begin your security validation journey
Request a demo
Aligning Security Testing with IT Infrastructure Changes
With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This f...
Meeting the DORA Mandate: Approaching ICT Risk Management with Pentera
The countdown to January 2025 is on, and for financial institutions in Europe, the Digital Operational Resilience Act (DORA) isn’t just another regula...
Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology
Identity is a key to open a door
Who are you? Yes, you reading. Who are you?
There’s probably a lot of ways you can answer that question, and that...
The Kubernetes Attack Surface
Do you remember the days when cyber security was easy? That never happened. But even though it was hard, we knew what we needed to do; which user perm...
Blueprint for Success: Implementing a CTEM Operation
The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to t...
Surviving LockBit Lessons from a Ransomware Attack
On April 13, 2023, we were hit hard. The University of Health Sciences and Pharmacy (UHSP) faced a serious adversary: The notorious LockBit ransomware...
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6387
A Regrettable Resurgence
On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code executio...
Zero footprint attacks: 3 steps to bypass EDR with reflective loading
EDR (Endpoint Detection and Response) evasion techniques are becoming increasingly common amongst attackers as they evolve their strategies to bypass ...
Fundamentals of Cloud Security Stress Testing
“Defenders think in lists, attackers think in graphs” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those...