Articles

XZ Backdoor: CVE-2024-3094

There’s a lot of media articles out there covering CVE-2024-3094 and, as usual, a lot of them are hyped up and covered in annoying adverts. So, I wanted to put together a “short story” version of the situation. The very short story is that a threat actor managed to add ...

What do you mean by “Threat Actor”?

Habitually in our articles we use the term “Threat Actors” where you might expect us to use a term like “attacker” or “cybercriminal”. So why do we do that? In short, we find that threat actor is a more accurate term where something like “cybercriminal” may, in some cases, be ...

Hardening SSL/TLS: Common Certificate Issues

Introduction: I recently wrote a quick start guide to hardening SSL/TLS configurations, to help people to better understand all the different aspects of securing their transport layer security configuration – however, during that article I skipped over a big section: SSL Certificates. In this article, we’ll focus on the certificates themselves and ...

Hardening SSL/TLS: Common SSL Security Issues

Introduction: Secure Sockets Layer (SSL) was a protocol designed to protect network traffic in transit, however it was superseded by Transport Layer Security (TLS) in 1999. These protocols are well-known for protecting web traffic with HTTPS. However, they can be used to protect lots of different kinds of traffic, for ...

Hashcracking with Hashcat and AWS

A couple of years ago I wrote an article about hashcracking with Hashcat and AWS; but that was back on Ubuntu 16.04 and it involved manually compiling the packages. So I thought I’d best update it for Ubuntu 22.04 and why not use the Nvidia Ubuntu repos to make things easier ...

[Webinar] Your Security Awareness Training Sucks

Akimbo hosted a Webinar to cover hints and tips about running more effective Security Awareness Training. We’re sharing the recording for those that couldn’t make it on the day! If you’d like more information about any of the content covered, or if you’d like to discuss a training requirement then ...

Preventing Username Enumeration

Username enumeration within web applications is a solvable problem – but I often see web administrators either ignore the issue because they don’t think it’s significant enough to address, or they think it’s not possible to fully address it. So, let’s explore the difficulty here, and I’ll give some examples ...

Multifactor Authentication (MFA)

What is Multifactor Authentication? An authentication factor is something that is supplied to verify an identity – the most common example of an authentication factor is a password, a secret word used to authenticate yourself for access to an account. Multi-factor authentication is the requirement to supply several factors during ...

Penetration Testing: Mix it up or stick with it?

After publishing yesterday’s article about how frequently you should get a penetration test, I inadvertently started a discussion on Twitter about another aspect of penetration testing delivery: should you change providers, or should you stick with who you know? The argument I usually hear in favour of regularly changing security providers is that ...
