71 percent of hackers say they can breach the perimeter of a target within 10 hours, and 100 percent within 15, according to the latest 'Black Report' from Nuix, surveying hacker method and motivation.
A social engineer will start by gathering Open Source Intelligence (OSINT) and the sleuthing continues using social media, finally giving the company an overview of their security posture without losing any of the data taken on the job.
Hiring a white hat hacker to find your system vulnerabilities and fix them, before the bad guys find and exploit them, is a recommended method of strengthening defences, says Krishna Rungta.
Organisations are ignoring the recommendations of penetration testers, even when they find serious vulnerabilities in their clients' systems, according to the Black Report from Nuix.
GUI friendly social-engineering toolset made available as open source software - great for penetration testing, not bad for criminals either.
Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.
Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense.
A mysterious Good Samaritan has replaced the code on certain parts of the villainous Dridex botnet with Avira Anti-virus installers.
A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.
Luke Potter looks at four of the most basic security oversights identified during penetration testing.
An holistic view of security is increasingly important, says Thomas Richards.
Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.
London-specific threat intelligence is to be provided to businesses in the capital, possibly as early as next month, via an innovative independent body combining the police, government and the private sector, instigated by the Mayor's office.
Cyber-crime figures are a dime a dozen, but are they really improving your security, asks Ken Munro.
With the attack surface, or perimeter, expanding exponentially, and attackers inside the network, the focus should now be on finding and stopping them - concentrating on how data leaves the system - says Chris Marrison.
Intelligence-led third party red-teaming testers can identify the blind spots that in-house teams thought they had covered, suggests Simon Saunders.
Companies must think like a hacker and commit to penetration testing to protect themselves from data breaches, says Chema Alonso.
Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.
Red teaming is a relatively new type of extended pen testing used to raise the security and governance bar in major corporates, most notably financial service organisations such as banks.
The UK's Bank of England (BoE) is reportedly planning to carry out a major pen-testing exercise in the Autumn.
Security researcher - and white hat hacker - Raven Alder addressed sexism in the InfoSec world at the B-Sides San Francisco event on Monday, and said - perhaps surprisingly - that it can help and hinder attackers and defenders in equal measure.
PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.
CNS Group's information assurance division CNS Hut3 has launched a PenTest Portal to teach companies how to carry out basic penetration testing techniques on their own systems.
Nmap, the de facto standard network scanning tool for the security community, has just received a major update to version 5. The new version...