Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

The White House’s National Cybersecurity Strategy unveiled yesterday is an ambitious blueprint for improving U.S. cybersecurity and threat response, but some of the more ambitious items will take time to implement, and could face opposition from Congress. President Biden came into office around the time of the SolarWinds and Colonial Pipeline cyber attacks, so cybersecurity […]

The post Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles appeared first on eSecurityPlanet.

March 3, 2023

Vulnerability Management: Definition, Process & Tools

As enterprise networks continue to grow in size and complexity, so have the misconfigurations and vulnerabilities that could expose those networks to devastating cyber attacks and breaches. Vulnerability management is the process of prioritizing and minimizing those risks. When you consider that the average Fortune 500 company has nearly 500 critical vulnerabilities, the importance of […]

March 3, 2023

Red Team vs Blue Team vs Purple Team: Differences Explained

Red, blue and purple teams simulate cyberattacks and incident responses to test an organization’s cybersecurity readiness. Understanding how these teams operate is important for an organization that wants to test its cybersecurity defenses realistically — before an adversary does. The ultimate goal is to understand the advanced threats an organization may face in order to […]

February 22, 2023

How to Implement a Penetration Testing Program in 10 Steps

Penetration tests find security vulnerabilities before hackers do and are critical for keeping organizations safe from cyber threats. You can either create your own pentesting program or hire an outside firm to do it for you. Penetration test services have become common, with many security companies offering them. But they can be expensive and should […]

February 21, 2023

Cloudflare Blocks Record DDoS Attack as Threats Surge

Cloudflare mitigated dozens of hyper-volumetric DDoS attacks last weekend, most of them ranging from 50 to 70 million requests per second (RPS) – and the largest one exceeding 71 million RPS. “This is the largest reported HTTP DDoS attack on record, more than 35 percent higher than the previous reported record of 46 million RPS […]

February 16, 2023

AI Coding: A Security Problem?

Andrej Karpathy is a former research scientist and founding member of OpenAI. He was also the senior director of AI at Tesla. Lately, he has been using Copilot, which leverages GPT-3 to generate code. He tweeted this about it: “Nice read on reverse engineering of GitHub Copilot. Copilot has dramatically accelerated my coding, it’s hard […]

February 16, 2023

Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities

Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley […]

February 15, 2023

What is Virtual Patching and How Does It Work?

Virtual patching uses policies, rules and security tools to block access to a vulnerability until it can be patched. Zero-day threats and legacy systems are two ways that vulnerabilities can be created for which no patch may exist for some time, if ever. In those cases, security teams can block a potential attack path until […]

February 14, 2023

John the Ripper: Password Cracking Tutorial and Review

John the Ripper is a popular password cracking tool that can be used to perform brute-force attacks using different encryption technologies and helpful wordlists. It’s often what pen-testers and ethical hackers use to find the true passwords behind hashes. This open-source package is free to download and has several modules for generating hashes from a […]

January 31, 2023

Hackers Use RMM Software to Breach Federal Agencies

Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the […]

January 28, 2023