What CISOs Need to Know About the New SEC Cybersecurity Guidelines
The new SEC guidelines released July 26 2023 and effective December 18 2023 mark a significant shift in how organizations must approach cybersecurity....
Why Pay a Pentester? The Shift to Automated Penetration Testing
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the gran...
Comparing On-premise vs. Cloud-Based Penetration Testing Strategies
As cloud infrastructure adoption grows, it's a mistake to assume that these environments are inherently secure. In fact, as reported by StrongDM, “pub...
How Susceptible are Your Linux Machines to a Ransomware Attack?
Ransomware targeting Linux machines is becoming increasingly common. While the vast majority of ransomware is still designed to target Windows systems...
Emulating Cryptomining Attacks: A Deep Dive into Resource Draining with GPU Programming
Cryptomining has surged in popularity, driven by the growing value of cryptocurrencies like Bitcoin and Ethereum. With leaked credentials easier than ...
Aligning Security Testing with IT Infrastructure Changes
With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This f...
Meeting the DORA Mandate: Approaching ICT Risk Management with Pentera
The countdown to January 2025 is on, and for financial institutions in Europe, the Digital Operational Resilience Act (DORA) isn’t just another regula...
Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology
Identity is a key to open a door
Who are you? Yes, you reading. Who are you?
There’s probably a lot of ways you can answer that question, and that...
The Kubernetes Attack Surface
Do you remember the days when cyber security was easy? That never happened. But even though it was hard, we knew what we needed to do; which user perm...
Begin your security validation journey
Request a demo
Mitigating VMware vCenter Information Disclosure
New zero-day vulnerability joins a chain of recently discovered vulnerabilities capable of operating an end-to-end attack on ESXi. Org...
4 steps to knowing your exploitable attack surface
Originally published on Dark Reading.
According to a Cisco CISO Benchmark survey, 17% of organizations had 100,000 or more daily security al...
Correcting Common Firewall Misconfigurations
Network misconfigurations take on many types and forms, and come about for many different reasons. Many of them stem from blind adhere...
Breaking the barriers of segmentation
Prefer to read the PDF version of this article? Then, click here.
Intro
Network segmentation continues to be touted as a leading best...
Identifying and Mitigating the PwnKit Vulnerability
While it may seem like the right course of action is to stop everything and immediately start patching the recent PwnKit vulnerability, this probabl...
Mitigating Log4Shell Exploitation
By the time you read this, you've surely heard all about the recent Apache Log4j 2 vulnerability publicly disclosed via Apache’s project GitHub on D...
From DHCP Spoofing to EternalBlue: Security Insights
DHCP may be famous for being an essential Windows networking protocol, but it is also infamous, or at least it should be, for falling victim to cybe...
Preventing DHCP Spoofing Attacks
DHCP is an essential Windows networking protocol and a favorite among network admins. Let’s go over the basics of DHCP allocation and review common ...
Understanding VMware vCenter Privilege Escalation
Executive summary
Pentera’s research team ‘Pentera Labs’ discovered a vulnerability in VMware’s vCenter Server program. The affected VMware s...