Enterprise

469 articles

Ambient light sensor as a spy tool

A fresh study of some unexpected properties of a standard feature of all modern smartphones and tablets.

CVE-2023-6246, vulnerability in the glibc library

Glibc library vulnerability published

A vulnerability in the glibc library affects most major Linux distributions.

Authentication bypass exploit in GoAnywhere MFT

Critical vulnerability exploit in GoAnywhere MFT

Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.

37C3: how ethical hackers broke DRM on trains

Hacking a train: a 37С3 talk

Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.

Why using Google OAuth in work applications is unsafe

Google OAuth and phantom accounts

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

What’s wrong with cloud SSO implementations, and how to reduce attack risks

Securing cloud providers’ SSO

Single sign-on is supposed to enhance corporate security, but it’s essential that cloud vendors have the information security team’s back.

What is the principle of least privilege?

The principle of least privilege: what is it and why is it needed?

What’s the principle of least privilege, why’s it needed, and how does it help secure corporate information assets?

Operation Triangulation: talk on 37С3

Detailed analysis of Operation Triangulation, the most sophisticated attack our experts have ever seen, presented at 37C3 conference.

LogoFAIL attack via image substitution in UEFI

LogoFAIL attack: using image files to attack computers

A serious vulnerability in UEFI firmware relevant to a large number of modern computers, and even servers.

Can you trust Windows Hello biometric (fingerprint) authentication

How reliable is biometric security on laptops?

Researchers used a hardware hack to bypass Windows Hello biometric authentication on three different devices. Can you trust this login method?

Invoices for delivery of non-existent correspondence

Money for Nothing

During the pre-holiday period, attackers are sending invoices to companies for the delivery of non-existent documents.

How cybercriminals disguise URLs

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.

What security issues does WordPress have?

WordPress security issues

Typical security issues of WordPress, and how they can be addressed to protect your website or online store from cybercriminals.

How to protect corporate routers and firewalls against hacking

Outdated Cisco equipment under threat from firmware

Espionage operations to hack corporate routers are now commonplace — and all organizations need to be aware of this.

Reptar: a vulnerability in Intel processors

How a recently discovered bug in Intel processors threatens cloud providers.

How “zero-clicks” work, and how to defend against them

We discuss what zero-click attacks are, why they’re dangerous, and how to protect your company from them.

How to lock your screen quickly and easily on Windows and macOS

Four ways to lock your screen on Windows and macOS

Four handy ways to lock your screen on Windows and macOS.

10 most dangerous mistakes when setting up a corporate network

The top-10 mistakes made when configuring enterprise IT systems

Mistakes commonly found in almost every large organization. What should the inforsec team look out for, and what protective measures should they take?