penetration testing News, Articles and Updates

Candy bar security posture leaves enterprises soft on the inside

71 percent of hackers say they can breach the perimeter of a target within 10 hours and 100 percent within 15, according to the latest 'Black Report' from Nuix, surveying hacker method and motivation.

Upright and under cover; getting your own hacker beats letting outsiders in

A social engineer will start by gathering Open Source Intelligence (OSINT) and the sleuthing continues using social media, finally giving the company an overview of their security posture without losing any of the data taken on the job.

Why companies should employ ethical hackers

Hiring a white hat hacker to find your system vulnerabilities and fix them before the bad guys find and exploit them is a recommended method of strengthening defences, says Krishna Rungta.

Penetration tests are being ignored by enterprises living dangerously

Organisations are ignoring the recommendations of penetration testers, even when they find serious vulnerabilities in their clients' systems, according to the Black Report from Nuix.

Pen-testing made easy with Datasploit social engineering toolset

GUI friendly social-engineering toolset made available as open source software - great for penetration testing, not bad for criminals either.

Pen testers discover mega vulnerabilities in Uber

Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.

SC Congress: "flakey kettles and dolls that swear at you"

Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense

Robin Who? Dridex botnet replaced with antivirus software

A mysterious Good Samaritan has replaced the code on certain parts of the villainous Dridex botnet with Avira Anti-virus installers.

'High risk' for users of FRITZ!Box routers

A number of remote code execution bugs in several models of FRITZ!Box broadband routers could allow intruders to place phone calls through the device.

Testing, Testing - 4 simple IT security mistakes that leave a business vulnerable

Luke Potter looks at four of the most basic security oversights identified during penetration testing

The concept of Red Teaming

An holistic view of security is increasingly important, says Thomas Richards.

How your red team penetration testers can help improve your blue team

Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.

London-specific threat-intelligence launching via Mayor's office initiative

London-specific threat intelligence is to be provided to businesses in the capital, possibly as early as next month, via an innovative independent body combining the police, government and the private sector, instigated by the Mayor's office.

Lies, damned lies and statistics

Cyber-crime figures are a dime a dozen, but are they really improving your security, asks Ken Munro.

The end of penetration testing in sight?

With the attack surface, or perimeter, expanding exponentially, and attackers inside the network, the focus should now be on finding and stopping them - concentrating on how data leaves the system - says Chris Marrison.

Invite attacks to identify weaknesses

Intelligence-led third party red-teaming testers can identify the blind spots that in-house teams thought they had covered suggests Simon Saunders.

How do you stop an Energetic Bear?

Companies must think like a hacker and commit to penetration testing to protect themselves from data breaches, says Chema Alonso.

Why we need a tighter framework for social engineering penetration testing

Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.

Red Teaming in the real world

Red teaming is a relatively new type of extended pen testing used to raise the security and governance bar in major corporates, most notably financial service organisations such as banks.

UK banks to get independent pen-testing?

The UK's Bank of England (BoE) is reportedly planning to carry out a major pen-testing exercise in the Autumn.

B-Sides SF: 'Sexism can be security vulnerability'

Security researcher - and white hat hacker - Raven Alder addressed sexism in the InfoSec world at the B-Sides San Francisco event on Monday, and said - perhaps surprisingly - that it can help and hinder attackers and defenders in equal measure.

PCI compliance: The slow road to progress

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

CNS Group launches educational PenTest Portal

CNS Group's information assurance division CNS Hut3 has launched a PenTest Portal to teach companies how to carry out basic penetration testing techniques on their own systems.

New Nmap

Nmap, the de facto standard network scanning tool for the security community, has just received a major update to version 5. The new version...