Oscar Introduction Misconfigurations in cloud environments and resulting data breaches frequently put AWS Simple Storage Service in the news. In “Hands-On AWS Penetration Testing with Kali Linux,” authors Benjamin Caudill and Karl Gilbert offer practical steps for conducting penetration tests on major AWS services like S3, Lambda, and CloudFormation. S3 has enjoyed enormous popularity since its … Read more
Introduction Today’s businesses depend more heavily than ever on applications and data analytics. The more an organization transitions its processes to digital systems, the more data it can take advantage of. Enterprise cloud platforms support these applications, with Amazon Web Services (AWS) being one of the most popular options. As of 2023, Amazon reports that … Read more
Introduction ISO 27001 compliance entails proving that an organization’s information security management system (ISMS) aligns with the standard’s requirements. Achieving compliance requires undergoing an audit process where an independent third-party assessor evaluates the organization’s ISMS against said standard. The assessor examines the organization’s policies, procedures, and controls, as well as its risk assessment and risk … Read more
Introduction As cyber security professionals traverse the complex landscape of security assessments and penetration tests, smooth reporting and collaboration are critical for success. One tool that has gained popularity for facilitating these tasks is Dradis Framework. Since I started using the software, Dradis has proven to be the most functional and easy to work with for both solo … Read more
Introduction In many cases, penetration testing – an ethical engagement designed for identification and addressing of security vulnerabilities in systems, applications and networks, is required. Sometimes this requirement is directly specified while in other cases it’s implied by a need to build, audit or assess processes to mitigate cyber risk. This blog identifies just some of … Read more
Between February 7th and March 7th 2023, hackers were able to breach over the personal information of almost 9 million individuals in the United States from a major dental insurance company, MCNA. The information stolen includes a trove of patients’ personal data, including names, addresses, dates of birth, phone numbers, email addresses, social security numbers … Read more
In today’s interconnected world, cyber security has become paramount. As our reliance on digital technology grows, so too do the threats posed by cyber criminals. From personal data breaches to large-scale cyber attacks on critical infrastructure, the consequences of inadequate cyber security measures can be devastating. A prevalent but little talked about issue is crime … Read more
Zacks Investment Research Data, a major stock market data research provider, revealed a major breach in their network allowing attackers to expose 820,000 individual’s data. This data included names, phone numbers, passwords and email addresses. Such information is especially useful for malicious actors running phishing campaigns, credential stuffing attacks and other popular social-engineering scams. Threat … Read more
In May 2023, a managed file transfer program named MOVEit, used by a wide range of private businesses and government agencies experienced major data breach from an SQL injection attack on public facing servers. The transfers were facilitated via a tailor-made C# web shell nicknamed LemurLoot. This was transferred to target systems via MOVEit legitimately … Read more
TMX Finance, parent company of TitleMax, TitleBucks and InstaLoan experienced a major breach of their network, resulting in nearly 5 million customer accounts’ data being siphoned out by malicious actors over a period of 11 days in mid-February 2023. The data stolen included driver’s license numbers, federal/state IDs, tax IDs, social security numbers and other … Read more