Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats


Fishing the AWS IP Pool for Dangling Domains

Amazon and other cloud providers have made it child’s play to spin up ephemeral server instances for quick deployment of various services. If you want a web server to host your new .io domain name, you can have it set up in no time at all. Starting a website has never been easier — just spin up an …

Stand Your Cloud #2: Host Server Hardening

In our previous post, we discussed how to minimize security risk and data loss by securing the AWS environment. In this installment of our series, we will continue exploring this subject on the server level and discuss some best practices to follow to help strengthen your infrastructure. A common misconception is that vendors are …

ColdFusion Bomb: A Chain Reaction From XSS to RCE

During an audit of ColdFusion 10 and 11’s administration panel, I discovered a reflected, DOM-based cross-site scripting flaw, and in this blog post, I will show you how to leverage that vulnerability to gain remote code execution on the ColdFusion application server. After discovering this vulnerability, I participated in the responsible disclosure process with the …

An Overview of BGP Hijacking

This blog post was authored by Security Associate Zach Julian; you can connect with him on Twitter here. Border Gateway Protocol (BGP) is a crucial component of the Internet, responsible for determining routing paths. BGP hijacking — that is, using BGP to manipulate Internet routing paths — has become more frequent in recent …

On the “Brink” of a Robbery

When you think of a safe, you think exactly that: something that is inherently safe (because it protects, you know, money and other valuables). Traditional safes may have hardly been considered “secure,” but their computerized counterparts — so-called smart safes — may be even less secure. The Brink’s CompuSafe Galileo has a design flaw that …

Bishop Fox is Still a Top Place to Work

Well, this feels a little like déjà vu, doesn’t it? Last year, we proudly announced that we were named by CareerBuilder as a Top Place to Work For in Arizona. This year, the same is true once again. Time Flies Since we wrote about last year’s accomplishment, there have been some changes here …

ISO 27018: The Long-Awaited Cloud Privacy Standard

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released a new privacy standard for public cloud computing environments in August of 2014. This new standard, ISO 27018, joins the family of standards supporting the ISO 27001 standard for establishing and operating an Information Security Management System (ISMS). The standard takes into …

Security Should Be Application-Specific

I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. …

AirDroid: How Much Do Your Apps Know?

The AirDroid app for Android has surpassed 20 million downloads from the Google Play store and has received rave reviews from the likes of USA Today and Lifehacker. The app’s function is to help a user organize his or her life by providing the remote ability to send text messages, edit files, …