Reading Time: 5 minutes A new threat actor has infiltrated GitHub, utilizing the malicious repositories of “Sammy3003” to unleash havoc. Dive into our gripping exposé as we uncover the sinister tactics and connections that make this emerging malware a force to be reckoned with. Brace yourself and discover the truth behind this digital menace. Read the full article now and stay one step ahead of the evolving cyber landscape.
Kekw keeps evolving
Reading Time: 11 minutes we delve into an intriguing security incident involving a GitHub repository and PyPi packages. A user sought code review assistance for a suspicious GitHub repository, which was later taken down. Our investigation revealed trojanized tools with Kekw malware, spread through malicious Python packages. We explore the evolving tactics of the threat actor, PyPi’s actions to combat the issue, and the importance of implementing 2FA for account security. Read on to discover the resilience of the malware, the swift response of PyPi, and the ongoing battle against these threats.
Risks of MFA Relay Attacks with Evilginx
Reading Time: 5 minutes In today’s digital age, businesses face increasing cyber security threats. Multi-Factor Authentication (MFA) has gained popularity as a strong security measure. However, cyber attackers have devised a technique called the MFA relay attack or Evilginx attack to bypass MFA. This article explores the risks associated with this attack, including account compromise and the need for MFA security. It also discusses the Evilginx phishing attack, the extensive risks it poses, and ways to protect against it.
Annual Pentest Report 2023
Reading Time: 2 minutes Our Annual Pentest Report presents key insights on the latest trends and vulnerabilities in application security based on comprehensive analysis by our ethical hacking team. With a focus on “Business Logic Flaws” this year, the report provides valuable guidance on detecting and addressing unique vulnerabilities. It is a must-read for CISOs, security teams, developers, and business leaders interested in enhancing their cyber security posture and staying informed on industry developments.
Hackable Intelligence Revisited
Reading Time: < 1 minutes as ML gains prominence, it also becomes a prime target for malicious actors. Delve into our enlightening whitepaper as our ethical hacker, Samraa Al Zubi, investigates prevalent attack types against machine learning and helps you identify potential risks and determine if ML solutions are suitable for your business. Gain insights into proper use cases for ML, forthcoming regulations governing AI and ML, methods to assess your security posture, and discover the most effective tools and defences to fortify your ML systems. Let’s prepare to defend AI and ensure its potential is harnessed without compromising security.
Annual Pentest Report 2022
Reading Time: < 1 minutes Dive into the rising prevalence of broken access control vulnerabilities, leverage expert advice from our Secure Development team to empower your developers, and uncover the benefits of periodic pentesting to enhance security and optimize your security investment. With APIs emerging as a prime target for cyber-attacks, it’s crucial to test and secure them effectively, leveraging the OWASP’s dedicated classification for API vulnerabilities. Discover why a single pentest is insufficient and learn how integrating pentests into your secure development process over time yields the best results. Explore our comprehensive ethical hacking solutions and fortify your defences against evolving threats.
Annual Pentest Report 2021
Reading Time: 2 minutes The report features the top 10 vulnerabilities, emphasizes the value of combining automated scanning with manual penetration testing, and provides actionable recommendations to enhance the security of web applications. With 100% of tested applications revealing at least one vulnerability and over half experiencing critical issues, organisations are urged to prioritize security. Discover why web applications are prime targets for cyber-attacks and how our ethical hacking team can help identify vulnerabilities, create actionable plans, and raise security awareness within your organisation. Don’t wait for hackers to exploit your weaknesses.
Microsoft Exchange Server: security vulnerability
Reading Time: 2 minutes Summary: In a recent attack on Microsoft’s on-premises Exchange Servers by the group known as Hafnium, a critical vulnerability has been exposed. With the exploit now public knowledge, there is a heightened risk of malicious actors exploiting this vulnerability for financial gain. This blog post highlights the urgent need to take action by checking Exchange versions, installing recommended patches, and investigating for signs of compromise. Access critical and official information from Microsoft and CERT to safeguard your IT and security departments. Learn more about the hackers’ modus operandi and stay vigilant to protect your Exchange Server environment.
OSINT – Improve your defence capabilities
Reading Time: 2 minutes Enhance your defense and response capabilities with our white paper, “Improve your Defence Capabilities with OSINT.” Learn how to leverage advanced functionalities of search engines and utilize Open Source Intelligence (OSINT) to strengthen your security posture. Discover practical applications and techniques used by our expert pentesters.
Attacks against AI applications
Reading Time: < 1 minutes Explore the vulnerabilities of AI systems and the potential risks they pose in our whitepaper, “Hackable Intelligence.” Discover the unique challenges of securing AI applications and gain insights into best practices for safeguarding against attacks. Written by Samraa Alzubi, a Cyber Security Consultant at Approach, who specializes in researching and combating attacks against machine learning. Download the whitepaper now.
Did you scan your security scanners?
Reading Time: < 1 minutes Discover the vulnerability found in Saint Security Suite during our assessment of popular vulnerability scanners. Learn how a cross-site scripting (XSS) flaw was exploited and the potential impact it could have. Read our ethical hacker testimonial by David Bloom, Cyber Security Senior Consultant.
How I hacked a cheap IoT
Reading Time: 5 minutes We share the first-hand account of hacking a cheap IoT device and explore the vulnerabilities that were exploited. Delve into the world of cyber security as we reveal the importance of proper input validation and webserver hardening. Discover how this incident could have been prevented and gain valuable insights to safeguard your own online presence. Join us as we unravel the exciting journey of securing IoT applications and protecting against potential threats.
Rise of DDoS Amplification Attacks
Reading Time: 3 minutes Gain a comprehensive understanding of their potential impact and discover powerful defense strategies to fortify your online defences. Stay one step ahead of potential disruptions and safeguard your valuable online presence with the expert guidance provided by our blog.
SPECTRE MELTDOWN – Get your company secured
Reading Time: 4 minutes Learn how to protect your company from Spectre/Meltdown vulnerabilities with our pragmatic summary. These vulnerabilities affect modern processors and can reveal private data to attackers. End-user devices are the most vulnerable, and should be patched as quickly as possible by installing the latest updates from your OS vendor.
Can an Antivirus really be trusted when it comes to unknown threats?
Reading Time: 4 minutes The effectiveness of antivirus solutions in protecting against unknown threats is put to the test in an attack simulation. Using an in-house developed malware, we found that while an up-to-date Sophos Advanced Endpoint Protection and Sophos Intercept X solution performed better than three other major vendors, security solutions alone are not enough to provide effective protection.