
Cyber for all - Page 10
This blog is a window on a complex world. A look at the universe of technology that drives our daily lives, from an accessible and enjoyable perspective.

EPSS: What is the probability of a vulnerability being exploited?
The EPSS indicator quantifies the probability of exploiting a given vulnerability in the next 30 days. Every day, new vulnerabilities emerge that, if exploited, can lead to security[...]
Attack Path Management: Securing the Active Directory
Conti, SaveTheQueen, Quantum, Samas, Maze, Bumblebee… In recent years, various ransomware have been used to attack companies’ Active Directory and spread through their s[...]
The 10 Keys to Ransomware as a Service
The rise of Ransomware as a Service has multiplied the number of potential attackers that companies and public administrations face. Software as a Service (SaaS), Platform as a Serv[...]
The 6 keys to threat modeling
When we build a house, we want security to be considered by evaluating the ground on which it is built and how its foundations are planted. Otherwise, cracks will start to appear s[...]
4 key differences between Pentesting and Red Team
Pentesting and Red Team services differ in scope, how objectives are met, the need for concealment and execution time. In a field as complex and constantly evolving as cybersecurity[...]
Blue Team: Strengthening the defence of a company
Blue Team is in charge of all the defensive layers of an organization to prevent, detect or correct security incidents that could affect the business. 6 billion dollars a day. The C[...]
Cyber Kill Chain. Dissecting the 7 phases of a targeted cyber attack
On March 5, a ransomware attack managed to hijack patient data at the Hospital Clínic in Barcelona, one of Spain’s most important medical centers. This led to the cancellati[...]
NIST and secure software development
Security is not merely a one-time issue but an ongoing one. For example, a house may be secure at the time of its construction, but if, over the years, it is not diligently cared f[...]
OWASP SCVS: Reducing Risks in the Software Supply Chain
OWASP SCVS is a useful methodology for preventing supply chain attacks throughout the software lifecycle. At the end of January, the LockBit ransomware successfully impacted ION Tra[...]
Improving APT resilience
APT Resilience Enhancement combines offensive and defensive capabilities to optimize an organization’s defensive layers. APT, or advanced persistent threat, has become increas[...]