The Rise of Insider Threats: A New Challenge for Cyber Security In the ever-evolving landscape of cybersecurity, a new threat has emerged – the insider threat. It’s no longer just about defending against external hackers but also about keeping a close eye on your own trusted users. Picture this: you walk into work one morning…
PCI DSS v4.0: Navigating the Evolving Landscape The Payment Card Industry Data Security Standard (PCI DSS) landscape is currently witnessing rapid changes. As the deadline for compliance with version 4.0 approaches in Q1 2025, businesses are facing the challenge of adapting to the new and stringent requirements introduced by the updated standard. The Challenge of…
Integracija Entrust nShield HSM (Hardware Security Module) z F5 BIG-IP omogoča varno upravljanje in shranjevanje kriptografskih ključev, kar je ključno za zaščito podatkov in uporabniških poverilnic. Sledite spodnjim korakom za uspešno integracijo. 1. Priprava okolja 1.1. Preverite zahteve F5 BIG-IP različica: Prepričajte se, da uporabljate BIG-IP Virtual Edition 16.0.1 ali 17.0.0.1. Operacijski sistem: Uporabite CentOS…
Apple Withdraws Lawsuit Against NSO Group Due to Shifting Risk Landscape In a surprising turn of events, Apple has decided to drop its lawsuit against the notorious commercial spyware vendor NSO Group. The tech giant filed a motion to “voluntarily” dismiss the case, citing a rapidly evolving risk landscape that could potentially jeopardize critical threat…
Clever Phishing Technique Exploits HTTP Headers to Trick Users In the vast ocean of cyber threats, phishing remains a dominant form of attack, with cybercriminals devising new and sophisticated techniques to trick unsuspecting users. Recently, cybersecurity researchers uncovered a crafty phishing campaign that leverages a lesser-known vulnerability in HTTP headers to deceive individuals into divulging…
Varnost spletnih aplikacij je danes ključnega pomena, saj so le-te pogosto tarča kibernetskih napadov. Ena izmed najuspešnejših metod za odkrivanje ranljivosti v spletnih aplikacijah so penetracijski testi, ki jih izvajajo varnostni strokovnjaki. Netsparker je vodilno orodje za avtomatizirano izvajanje penetracijskih testov, ki omogoča celovito oceno varnosti spletnih aplikacij.V tem blogu bomo podrobneje spoznali proces penetracijskih…
SCATTERED SPIDER, skupina izsiljevalskih virusov (ransomware), izkorišča infrastrukturo v oblaku za ciljanje na zavarovalniške in finančne sektorje s pomočjo taktik socialnega inženiringa, kot sta vishing in smishing, da bi zavedli tarče in pridobili dostop do njihovih sistemov. Skupina uporablja ukradene poverilnice, SIM swap in orodja integrirana v oblak, da ohranijo svojo prisotnost. Njihovo globoko razumevanje…
Wazuh je odprtokodna platforma za upravljanje varnosti, ki združuje funkcionalnosti SIEM (Security Information and Event Management) in XDR (Extended Detection and Response). V primerjavi s komercialnimi SIEM rešitvami, kot so Splunk, ArcSight in QRadar, ponuja Wazuh več prednosti in nekaterih slabosti, ki jih je vredno preučiti. Prednosti Wazuh SIEM Brezplačna in odprtokodna rešitev: Wazuh je…
SCATTERED SPIDER Koriščenje Infrastrukture v Oblaku za Napade na Zavarovalniške in Finančne Sektorje Kibernetska kriminalna skupina SCATTERED SPIDER je nedavno pritegnila pozornost strokovnjakov za kibernetsko varnost zaradi inovativne uporabe infrastrukture v oblaku za izvajanje sofisticiranih napadov na zavarovalniške in finančne sektorje. Napadalci se poslužujejo taktik socialnega inženiringa, kot sta vishing in smishing, da prevarajo ciljane…
Ivanti’s Cloud Service Appliance Vulnerability Exploited in the Wild Ivanti recently disclosed that their Cloud Service Appliance (CSA) has fallen prey to active exploitation due to a newly patched security flaw. This high-severity vulnerability, identified as CVE-2024-8190 with a CVSS score of 7.2, permits remote code execution under specific circumstances. The Vulnerability The vulnerability lies…