In this article, we explain what Passive Vulnerability Detection (PVD) is, provide an overview on the PVD methodologies and discuss its relative strengths and weaknesses as compared to the Active Vulnerability Scanning (AVS).
What is CVE?
In this post, we explain what CVE (Common Vulnerabilities and Exposures) is, what the CVE states are, how to request a CVE ID and search for CVE records in the NVD.
Advanced Persistent Threat (APT) Groups
In this article, we first briefly give the background information on cyber threats and cyber threat actors and then list prominent Advanced Persistent Threat (APT) groups.
What Is SMB Protocol and Why Is it a Security Concern?
In this article, we explain what SMB (Server Message Block) protocol is and provide an overview of security concerns and issues on the SMB protocol.
What Is Social Engineering?
Sometimes, a technical attack such as brute forcing passwords, introducing malware into the systems or exploiting software/hardware based vulnerabilities remotely is not the easiest way to gain access to an IT infrastructure or a person’s accounts. Rather, it is manipulating the weakest link in the cyber security chain, i.e., humans, via a number of social interaction means.
What Is Patch Tuesday?
Patch Tuesday is an unofficial term used to refer to the scheduled updates rolled out on Tuesdays by Microsoft to fix for known bugs in the Windows operating system and the other Microsoft products.
Password Attack Methods
In this article, we explain the password attack methods that the attackers use frequently to compromise individual accounts and gain unauthorized access on systems.
What Is a Zero-Day Vulnerability?
Terms such as zero-day vulnerability, exploit and attack are often used interchangeably though they do not convey the same meaning. Find out more in our article to learn what these terms specifically mean.
What Is SSL Stripping Attack and How to Avoid It?
SSL Stripping is a form of a man-in-the-middle (MITM) attack that downgrades a secure HTTPS connection to HTTP and exposes users to eavesdropping and data manipulation. In this article, we discuss how attackers can conduct SSL stripping attacks and provide an overview on the proposed mitigative countermeasures.
What Is Incident Response?
As cyber attacks increase in quantity and diversity and more and more security breaches disrupt the operations of organizations, incident response (IR) has become an indispensable component of cyber security programs. In this article, we outline what IR is and explain the essential elements of an IR process.