Subdomain Takeover is a type of vulnerability which appears when a DNS entry (subdomain) of an organization points to an External Service (ex. Heroku, Github, Bitbucket, Desk, Squarespace, Shopify, etc) but the service is no longer utilized or has been migrated/deleted. In this blog, we will be dissecting Uber Subdomain takeover vulnerability… Read More »Analysing/Dissecting Uber Subdomain Takeover Attack – FireCompass
Shadow IT refers to IT applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department. Shadow IT risks exists in most organizations but most IT leaders and CISOs underestimate about its reach. Problems: Shadow IT will open up to many security risks of business such as… Read More »Shadow IT Risks – 4 Ways To Reduce Them
Shadow IT threats involves pushing back on any initiatives that try to bypass IT and fighting the line of business managers for ownership of these projects. Shadow IT opportunity involves transforming shadow IT into official line-of-business shortcuts and becoming the corporate champion of innovative initiatives. Below are a few ways one could looks… Read More »Shadow IT Threats – How To Turn Them Into Opportunity?
Social Engineering attacks refers to psychological manipulation of people into making security mistakes or giving away sensitive information. Most common social engineering attacks used to target users are Phishing Attack: These attacks are the most common type of attacks leveraging social engineering techniques. Attackers use social media, emails, instant messaging… Read More »3 Social Engineering Attacks To Look Out For
We will discuss a few key areas in the vast attack surface today. With increasing technology advancement and its intervention into the enterprise world makes the scope of cyber defense enormously large. It reminds me of depth-first and breadth-first search algorithms to cover scopes in varied situations. The security landscape is… Read More »Understanding Key Attack Surface Dimensions