Topics
How DTCC Upgraded their SOC into a Cyber Threat Fusion Center
By Shawn Baird, Associate Director, Offensive Security and Tactics, DTCC
Based on a session given at PenteraCon 2024
When the speed and complexity...
Forti-fied? Logging blind spot revealed in FortiClient VPN
Virtual private networks (VPNs) have become widely used by enterprises for secure remote network access to protect sensitive data. This critical role ...
What’s Behind the Rising Costs of Data Breaches?
Data breaches are more costly than ever, averaging USD 4.88 million in 2024—a 10% rise. This spike is largely due to increased expenses related to los...
Two New Zero-Day Vulnerabilities Uncovered in FortiClient VPN
Introduction
Our latest research from Pentera Labs uncovers high-severity Fortinet vulnerability CVE-2024-47574, exposing risks in FortiClient's use ...
APT Attacks: The Sith Lords of the Cyber World
Advanced Persistent Threats (APTs) are like the Sith Lords of the cyber world—stealthy, relentless, and always lurking in the shadows. Mentioning them...
How Attackers Can Achieve a DoS Attack in Microsoft Active Directory
In this blog, we explore how attackers can exploit a limitation in Active Directory (AD) Security Identifiers (SIDs) to lock users out of the domain w...
Continuous Security Validation Against AI-Driven Threats – A Field CISO’s Insights
Despite substantial investments in cybersecurity, breaches keep happening—especially as AI changes the game for attackers and defenders alike. This sh...
Why Proactive Cybersecurity Starts with Attack Surface Management (ASM)
The last couple of years will be remembered for many things in cybersecurity, but the MOVEit breach stands out as a painful lesson in what happens whe...
Prove Your Defenses Work with Continuous Security Validation
The European energy sector’s recent takedown showed just how fast even strong defenses can crumble in the face of the increasing sophistication of cyb...
Begin your security validation journey
Request a demo
What CISOs Need to Know About the New SEC Cybersecurity Guidelines
The new SEC guidelines released July 26 2023 and effective December 18 2023 mark a significant shift in how organizations must approach cybersecurity....
Why Pay a Pentester? The Shift to Automated Penetration Testing
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the gran...
Comparing On-premise vs. Cloud-Based Penetration Testing Strategies
As cloud infrastructure adoption grows, it's a mistake to assume that these environments are inherently secure. In fact, as reported by StrongDM, “pub...
Ransomware Readiness Strategies: How to Protect Your Organization
Ransomware Readiness Strategies: Are You Prepared?
If this question is keeping you up at night, you’re certainly not alone. The threat is tangibly ...
How Susceptible are Your Linux Machines to a Ransomware Attack?
Ransomware targeting Linux machines is becoming increasingly common. While the vast majority of ransomware is still designed to target Windows systems...
Emulating Cryptomining Attacks: A Deep Dive into Resource Draining with GPU Programming
Cryptomining has surged in popularity, driven by the growing value of cryptocurrencies like Bitcoin and Ethereum. With leaked credentials easier than ...
Aligning Security Testing with IT Infrastructure Changes
With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This f...
Meeting the DORA Mandate: Approaching ICT Risk Management with Pentera
The countdown to January 2025 is on, and for financial institutions in Europe, the Digital Operational Resilience Act (DORA) isn’t just another regula...
Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology
Identity is a key to open a door
Who are you? Yes, you reading. Who are you?
There’s probably a lot of ways you can answer that question, and that...