From Compliance to Confidence: Achieving CMMC 2.0 Certification
For many contractors, navigating the complexities of CMMC compliance presents significant challenges. The Cybersecurity Maturity Model Certification (...

Continuous Ransomware Validation: Why Annual Testing Is No Longer Enough

Ransomware isn’t just a security issue; it’s a business problem that’s grown too big to ignore. What started as floppy-disk attacks back in the 1980s ...

What is BAS 2.0 and Why You Need It

In a fast-evolving threat landscape, traditional Breach and Attack Simulation (BAS) tools are limited. Built based on predefined scenarios, they’re gr...

How to Prioritize Vulnerabilities Effectively

There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. How is that? Well, if you were the a...

How DTCC Upgraded their SOC into a Cyber Threat Fusion Center

By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC. Based on a session given at PenteraCon 2024. When the speed and complexity...

Forti-fied? Logging blind spot revealed in FortiClient VPN

Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...

What’s Behind the Rising Costs of Data Breaches?

Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...

Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN

Introduction: Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...

APT Attacks: The Sith Lords of the Cyber World

Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...
Mitigating Log4Shell Exploitation
By the time you read this, you've surely heard all about the recent Apache Log4j 2 vulnerability publicly disclosed via Apache’s project GitHub on D...

From DHCP Spoofing to EternalBlue: Security Insights

DHCP may be famous for being an essential Windows networking protocol, but it is also infamous, or at least it should be, for falling victim to cybe...

Preventing DHCP Spoofing Attacks

DHCP is an essential Windows networking protocol and a favorite among network admins. Let’s go over the basics of DHCP allocation and review common ...

Understanding VMware vCenter Privilege Escalation

Executive summary: Pentera’s research team ‘Pentera Labs’ discovered a vulnerability in VMware’s vCenter Server program. The affected VMware s...
Understanding Ransomware Insider Threats
The trope of the burglar comparison in cybersecurity is more than overused. But when we talk about the damage of a break-in, it’s not just picking t...

Exploring the PrintNightmare Vulnerability

Greenpeace recently took credit for the PrintNightmare exploitation. Warning that if the world does not shift to paperless immediately, further deva...

Strategies to Ensure Ransomware Readiness

If this question is keeping you up at night, you are certainly not alone. The threat is tangibly real and immediate, with ransomware damages project...

Understanding Top Exploited Vulnerabilities

There are patches or remediations for all the top vulnerabilities, but they’re still being exploited in the wild. Why is that? Well, if you were the...

Welcome to Pentera’s Next Phase of Security

Today we embark on a new journey. One that will have an even bigger impact on our customers, as we continue to contend with the ever-evolving threat ...