Deep dive on the most severe Kubernetes vulnerabilities to date - CVE-2017-1002101 and CVE-2017-1002102 from Twistlock. Dev-to-Production Docker and container security for enterprises.

Tracking ransomware end-to-end Huang et al., IEEE Security & Privacy 2018 With thanks to Elie Bursztein for bringing this paper to my attention. You get two for the price of one with today’s pa…

The names Snort and Suricata are known to all who work in the field of network security. WAF and IDS are two classes of security systems...

This week's Tools, Tips and Tricks talks about MXToolbox.com. A collection of network, email and web testing/monitoring tools. If you run a website or manage an infrastructure there are tools in the MXToolbox that you will find useful. MXToolbox.com   Be…

I have been performing “red team” breach assessments for many years. Often the goal is penetrating an external network, and gaining access…

A guide on using browser dev-tools for performing web app pentesting

In all, 320 universities around the world were attacked and the 31.5 terabytes of stolen data was sold for profit in Iran.

"Hacktivist" logged into a social media account from an IP address at GRU HQ in Moscow.

Two years ago, when we began taking on blockchain security engagements, there were no tools engineered for the work. No static analyzers, fuzzers, or reverse engineering tools for Ethereum. So, we …

The 4th Joint Cyber-Security Center is now officially opened in Sydney, almost a year after the 1st was launched in Brisbane. The government of Australia has now officially opened the Sydney Joint Cyber Security Centre (JCSC). Angus Taylor, the Minister for…

The city of Atlanta is being extorted for $51,000 in a ransomware attack that occurred early Thursday that impacted several local government departments.

What would you do if you found a bug that could create money out of thin air?