Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats


Fishing the AWS IP Pool for Dangling Domains

Amazon and other cloud providers have made it child’s play to spin up ephemeral server instances for quick deployment of various services. If you want a web server to host your new .io domain name, you can have it set up in no time at all. Starting a website has never been easier — just spin up an …

Stand Your Cloud #2: Host Server Hardening

In our previous post, we discussed how to minimize security risk and data loss by securing the AWS environment. In this installment of our series, we will continue exploring this subject on the server level and discuss some best practices to follow to help strengthen your infrastructure. A common misconception is that vendors are …

ColdFusion Bomb: A Chain Reaction From XSS to RCE

During an audit of ColdFusion 10 and 11’s administration panel, I discovered a reflected, DOM-based cross-site scripting flaw, and in this blog post, I will show you how to leverage that vulnerability to gain remote code execution on the ColdFusion application server. After discovering this vulnerability, I participated in the responsible disclosure process with the …

An Overview of BGP Hijacking

This blog post was authored by Senior Security Analyst Zach Julian. Border Gateway Protocol (BGP) is a crucial component of the Internet, responsible for determining routing paths between autonomous systems. BGP hijacking — that is, using BGP to manipulate Internet routing paths — has become more frequent in …

On the “Brink” of a Robbery

When you think of a safe, you think exactly that: something that is inherently safe (because it protects, you know, money and other valuables). Traditional safes were hardly "secure" to begin with, but their computerized counterparts, so-called smart safes, may be even less so. The Brink's CompuSafe Galileo has a design flaw that …

ISO 27018: The Long-Awaited Cloud Privacy Standard

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released a new privacy standard for public cloud computing environments in August of 2014. This new standard, ISO 27018, joins the family of standards supporting the ISO 27001 standard for establishing and operating an Information Security Management System (ISMS). The standard takes into …