From Compliance to Confidence: Achieving CMMC 2.0 Certification
For many contractors, navigating the complexities of CMMC compliance presents significant challenges. The Cybersecurity Maturity Model Certification (...
Continuous Ransomware Validation: Why Annual Testing Is No Longer Enough
Ransomware isn’t just a security issue; it’s a business problem that’s grown too big to ignore. What started as floppy-disk attacks back in the 1980s ...
What is BAS 2.0 and Why You Need It
In a fast-evolving threat landscape, traditional Breach and Attack Simulation (BAS) tools are limited. Built based on predefined scenarios, they’re gr...
How to Prioritize Vulnerabilities Effectively
There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. How is that? Well, if you were the a...
How DTCC Upgraded their SOC into a Cyber Threat Fusion Center
By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC
Based on a session given at PenteraCon 2024
When the speed and complexity...
Forti-fied? Logging blind spot revealed in FortiClient VPN
Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...
What’s Behind the Rising Costs of Data Breaches?
Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...
Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN
Introduction
Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...
APT Attacks: The Sith Lords of the Cyber World
Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...
Begin your security validation journey
Request a demo
Business Risk as a Guide for Cybersecurity Remediation
We all know the culprits. Cloud adoption, remote and hybrid work arrangements and a long list of must-have technologies have led to an ever-expandin...
Managing Legacy Infrastructure for Security
Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been impleme...
Risks of LOLBAS in Security
LOLBAS (Living Off the Land Binaries And Scripts) is an attack method that uses binaries and scripts that are already part of the system for malicio...
Securing Neglected Network Protocols
The rapid pace of technological advancements constantly create new attack vectors and attack surfaces. Consequently, it is critical to constantly st...
Global Trends in Penetration Testing 2023
In the past 24 months, more than 88% of organizations have been breached.
That's right: almost nine out of ten companies were hacked. Consid...
Finding MSSQL Database Version with TDS Protocol
The version of an MSSQL database is a valuable piece of information for cyber attackers. With the version details in hand, they can attempt to find ...
Reducing Exposure on the Manufacturing Attack Surface
Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts...
Proactive and Preventative Security Measures
Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down ...
Securing MongoDB with Data-at-Rest Encryption
In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Editi...