The domain name is one of the most valuable assets for a business that has a strong online presence. It is associated with a certain level of trust and a loss of a domain name can have serious consequences. However, the value of the domain…

Read More →

Same-Origin Policy (SOP) is a rule enforced by web browsers, which controls access to data between websites and web applications. Without SOP, any web page would be able to access the DOM of other pages. This would let it access potentially sensitive data from another…

Read More →

A cybersecurity framework is a set of guidelines for business environments to manage security effectively. Cybersecurity frameworks usually cover multiple aspects of cybersecurity, including security controls, appropriate safeguards, appropriate activities, protective technology, as well as response planning. They can be applied to various information systems…

Read More →

In late July, the government of Kazakhstan attempted to perform a mass man-in-the-middle attack on Kazakh citizens. Users of all Kazakh mobile networks were asked to install a government-issued CA certificate to continue using selected sites such as Google services, Facebook, and Instagram. Under global…

Read More →

To gain control over a compromised system, an attacker usually aims to gain interactive shell access for arbitrary command execution. With such access, they can try to elevate their privileges to obtain full control of the operating system. However, most systems are behind firewalls and…

Read More →

Businesses often perceive vulnerability scanning as an alternative to penetration testing. This perception is wrong. An organization conscious about cybersecurity must include both these activities in their business processes and make sure that they work in unison. Missing out on one of them greatly decreases…

Read More →

DevSecOps stands for Development, Security, and Operations. Similar to DevOps or SecOps, it is a concept that joins two previously separate roles into a unified environment. DevSecOps teams are responsible for providing conditions for continuous secure application development. Being a newer concept than DevOps, DevSecOps…

Read More →

Threat modeling is an activity that helps you identify and mitigate threats. It’s very important because it makes you look at security risks top-down, focus on decision-making and prioritize security decisions, and consider how you can use your resources in the best possible way. There…

Read More →

Laxman Muthiyah, an Indian security researcher, earned $30,000 for finding a serious flaw in the Instagram password reset mechanism. If exploited, the flaw would have let an attacker gain control over any Instagram account in 10 minutes with an investment of approximately $150. The flaw…

Read More →

According to a statement by Capital One released on July 19, an unauthorized party gained access to the company’s customer data: approximately 106 million individuals in the United States and Canada. Data was stored in Amazon S3 buckets but accessed using Capital One infrastructure. Capital…

Read More →