Vulnerability Archive
Misconfigured cloud servers top 10

Open Invitation to Hackers: Misconfigured Cloud Servers

Many companies use cloud servers to store their data. Despite their great advantages, misconfigured servers may expose sensitive data, a mistake that is an open invitation to hackers to dump a company’s data and use it for their malicious activities. How is it possible? 4th party service providers, such as cloud storage providers, improve their cyber […]
Software supply chain attacks

How to Prevent Software Supply-Chain Attacks

The recent warning from the US National Counterintelligence and Security Center (NCSC) about software supply-chain attack risk draws attention to the software that companies use in their supply chain. Three out of four professionals acknowledge that they are not fully prepared for supply-chain attacks (aka third-party attacks or value-chain attacks) in responses given to a […]
patch management

Have you patched your holes? 6 Simple Things for Patch Management

A vulnerability is a hole or a weakness in an application. It can be a design flaw or a bug. Attackers exploit vulnerabilities to harm the application owner, application users, and other entities that rely on the application. Patch management is the process of applying software updates to eliminate vulnerabilities or mitigate cyber risk caused by […]
patch management

What is Patch Management?

What is Patch Management? Patch management is a strategy for systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. This intervention enables systems to stay updated on existing patches, and helps also IT teams determine which patches are the appropriate ones. As a part of change management, […]
Malicious JavaScripts

Malicious JavaScripts: How Can You Get Hacked?

Detecting vulnerabilities and leaks is of the essence in hacking. That’s why maintaining cyber security is crucial for individuals and corporations. In 2017, even a big firm like Yahoo was hacked by a simple phishing e-mail. Equifax, one of the largest credit bureaus, was hacked through […]
Malicious Javascript hack Code

How Companies Are Hacked via Malicious Javascript Hack Code?

Malicious JavaScript Hack Code: JavaScript is dangerous. Maybe you’ve heard this sentence several times before. Actually, whether it is dangerous depends on the circumstances. JavaScript can be dangerous if the proper precautions aren’t taken. It can be used to view or steal personal data even if you don’t realize what’s going on. And since […]
Domain Shadowing

Domain Shadowing

What is Domain Shadowing? The concept of domain shadowing first appeared in 2011, and a domain shadowing attack is defined as attackers creating new subdomains to intervene in traffic flow. Domain shadowing is the process of creating subdomains by domain owners using credentials. Subdomains are created for legitimate domains. For cyber criminals, domain […]
cms vulnerability

How Companies are Hacked via Basic CMS Vulnerabilities

CMS Vulnerabilities: What is a CMS? A CMS (Content Management System) is a computer application that supports the creation and modification of digital content [1]. Basically, we use it for website management and preparation. Over time, many organizations have developed their own custom CMS software. As this software became more common, in 1995 CNET developed the idea […]
cms vulnerability

Smart Solution, Smart Aggregation

Think of the vast number of patch-related vulnerabilities you get after an automatic scan, for example an insecure Apache httpd version. Frequently, these issues can be grouped, since they are all related to Apache httpd, and instead of using different names one can show all these vulnerabilities under a single name. This […]
Ecosystem Cyber Risk Manager

Passive Vulnerability Scan & Early Notice for Non Remotely Scannables

Passive Vulnerability Scan: Vulnerabilities such as MS15-034 are a big deal for information security specialists who have to keep up with critical security patches in high-pressure business environments. On the one hand, they know that the cat is out of the bag and they have to find their vulnerable servers; however, on the other hand […]