A guide to managing multiple AWS Accounts using AWS Organizations and how to reduce blast radius by leveraging Delegated Administrator capabilities within AWS Organization to avoid usage of the management root account. This post covers security benefits…

A new Android banking trojan might be spreading under the name of Nexus. It is promoted via a MaaS subnoscription and it contains some relations with an already known SOVA banking trojan. Read the full article to know more about this new player in cybercrime.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

The possibilities allowed by filter chains will never stop amazing us.

On February 8, 2023, the DKP token on the BNB chain was attacked. The attacker used the flash loan technique to exploit the contract.

Selefra means "select * from infrastructure". It is an open-source policy-as-code software that provides analysis for multi-cloud and SaaS environments, including over 30 services...

However many books you’ve read or courses you’ve taken, you know nothing beats hands-on practice. Obviously, attacking random systems is out of the question (ethical ha...

Open Source Cloud Security. Contribute to Zeus-Labs/ZeusCloud development by creating an account on GitHub.

Phylum uncovers a threat actor taking advantage of how the Python interpreter handles Unicode to obfuscate their malware.

Detection and sanitization for Acropalypse Now - CVE-2023-21036 - infobyte/CVE-2023-21036

As mentioned in a recent blog post , our team is once again offering in-person training, and we have substantially updated our course for th...

From a security point of view, application logs are two-sided. On the one hand, it is really important to have good observability, to find out what is happening and what has happened. On the other hand, we don’t want to leak sensitive information. In this…

Introduction Veeam has recently released an advisory for CVE-2023-27532 for Veeam Backup and Replication which allows an unauthenticated user with access to the Veeam backup service (TCP 9401 by default) to request cleartext credentials. Other’s have provides…

On March 23 I was invited to participate in a panel discussion at the European Internet Services Providers Association (EuroISPA). The focus of this discussion was on recent legislative proposals, …

CVE-2023-23752 is an information leak affecting Joomla! 4.0 - 4.7. How can an attacker use this vulnerability to achieve code execution? How many internet-facing systems are at risk?

Theoretical attacks on SHA-1 have become practical. SHA-1 should be deprecated everywhere.