Aggregator

ROPC - So, you think you have MFA?

3 years ago

This post will highlight a pattern I have seen across multiple production Microsoft Azure Active Directory tenants which led to MFA bypasses using ROPC. The key take-away: Always enforce MFA! Sounds easy, but there are often misconfigurations and unexpected exceptions. So, test your own AAD tenant for ROPC based MFA bypass opportunities. Github: https://github.com/wunderwuzzi23/ropci Update: The latest free issue of Pentest Magazine has a ropci article. Check it out. What is ROPC?

Securing Applications in a Multicloud World

The Akamai Blog

3 years ago

Widespread adoption of multicloud architecture presents challenges in securing applications. Learn about the benefits of deploying security controls on the edge.

Pavel Despot

Student Insights on Cybersecurity Careers

NIST | Cybersecurity Insights

3 years ago

Hi, our names are Aubrie, Kyle, and Lindsey! We participated in internships at the National Initiative for Cybersecurity Education (NICE) Program Office this past year. This is a career pivot for Aubrie, meaning this is her introduction to cybersecurity from another career; she is earning her master’s with a concentration in cybersecurity. Kyle was an undergraduate intern majoring in Computer Engineering. He is almost finished with his education and will soon be transitioning into the workforce. Lindsey is a high school member of the program. The three of us come from different academic and

Aubrie Kendall, Kyle Truong, Lindsey Walter

以 Desperate Cat 为始学一些姿势

素十八

3 years ago

Trustlook's Integration with OKC (OKX Chain)

Trustlook

3 years ago

San Jose, California, Oct. 19, 2022, Trustlook, the global leader of AI-powered cybersecurity, today announced an integration with OKC (OKX Chain) an EVM-compatible L1 built on Cosmos with a focus on true interoperability (IBC) and maximized performance. Trustlook will provide their extensive portfolio of blockchain security products to OKC, which

Lifan Xu

Java Apache Commons Text Vulnerability

X-Force Exchange - Collection Feed

3 years ago

Summary A remote code execution vulnerability has been disclosed in Java Apache Commons Text. This vulnerability affects all versions prior to 1.10.0. Users of Apache Commons Text are advised to upgrade in order to mitigate this vulnerability. Threat Type Vulnerability Overview ***Update #1, October 19, 2022*** A proof-of-concept has been released by SeanWrightSec on GitHub. At present, there is no indication of this exploit being used in the wild. However, with a PoC released, organizations should be on

CTF-Previse HackTheBox渗透测试（五）

红日安全

3 years ago

大家好，我是你们好朋友小峰。陆陆续续为大家推出CTF-Horizontall HackTheBox 系列

Who’s Scanning the IPv6 Space? And, Frankly, Why Do We Even Care?

The Akamai Blog

3 years ago

Securing IPv6 is no longer optional, it's a necessity. In this first of its kind empirical study on the vulnerability scanning landscape of IPv6, you'll learn the challenges and differences between IPv6 and IPv4 to be better prepared for the future.

Philipp Richter