The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) of the Ministry of National Security hosted a webinar on Web Application Security during cyber security awareness month providing an insightful webinar on Application Security Strategies, the OWASP Top 10, Application Security Verification and Application Testing guidance. TLP:CLEAR
Emotet is back again with a new campaign displaying many characteristics of older campaigns. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world. Emotet is a …
The modern cyberwar — against governments, businesses and individuals alike — is comprised of a series of attacks, counterattacks and respective defensive countermeasures. Many are simple and effective. Others are targeted and complex. Yet they are all highly dynamic and require persistence, commitment and resources to mitigate. Further information on this topic can be found …
What if defenders could see the future? If they knew an attack was coming, they could stop it, or at least mitigate its impact and help ensure what they need to protect most is safe. The fact is, defenders can see what’s on the horizon. Further information on this topic can be found in the …
Insecure software is undermining critical infrastructure woldwide. As our infrastructure becomes increasingly complex and connected, the difficulty of achieving application security increases exponentially. Further information on this topic can be found in the article entitled “OWASP: Top Ten Most Critical Web Application Vulnerabilities For 2017” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/owasp2017.pdf
Serious issues often originate inside the network: everything from worms, viruses, and Trojan horses to unsecured wireless networks, peer-to-peer mobile communications and guest users can compromise the security of corporate networks. Thus, to address these threats, the corporate network should no longer be a single homogeneous zone in which users connect from anywhere in the …
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies, designed to lead consumers to counterfeit websites that trick recipients into divulging financial data such as usernames and passwords. …
Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people’s lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is “phishing”, in which, attackers attempt to steal the user’s credentials using fake …
Following an analysis of the progression of ransomware and ongoing attacks on critical infrastructure, highlighted in the previous chapters, it becomes clear that cyberattacks will continue to expand in scope and volume over the coming year. However, we must not lose sight of the fact that these complex scenarios are just one aspect of cybercrime …
Some of the most critical vulnerabilities in the Internet’s history have been discovered and resolved thanks to the efforts of hackers fueled by curiosity and altruism. Acalvio Technologies Chief Security Architect Chris Roberts puts it this way, “Hackers unfortunately are [often] portrayed as the bad guys, whereas I would argue that for the last 20 …