Patch comes later—attackers move now A zero-day exploit is a cyberattack on a system by a hacker that occurs on the same day that a weakness is discovered. It’s called a zero-day because the day on which hackers discover a new vulnerability is generally considered “day zero.” Organizations usually develop and releases a patch to fix the problem, but until that patch is installed, the hackers are free to exploit the weakness in whatever applications they can find. The race between software developers and hackers has created an industry of “zero-day sales” in which anticipated vulnerabilities are bought and sold
Tag: Cybersecurity
Block rogue queries before they bite A SQL (Structured Query Language) injection attack occurs when an attacker injects a piece of SQL script in order to manipulate the SQL script running on a database-driven web-application in an attempt to access/modify/delete something within the database. It can even execute certain administrative scripts. The SQL injection attack is one of the most common attacks out there. Companies are getting hit by these attacks constantly. You’ve probably seen stories about user information getting posted on sites like PasteBin. Business Impact of a SQL Injection Attack The business impact can range widely depending on
Why Cybersecurity is a Business Concern It seems like every day now, we hear about a new hack. But the problem is not just technology. It’s also a business problem that everyone needs to understand and address. And it affects every business in some way or another. I personally believe it’s because of the word itself, cybersecurity. It sounds technical, it involves technology, so it must be 100% an IT issue to fix. Let’s walk through a quick scenario and see who fits into each point: Finance: sets up a login for their bank account. IT: provides security awareness training
The Importance of Security Awareness I started off by reading an article today on how CloudFlare and Twilio were phished and breached. They required that all of their employees have Multi-Factor Authentication enabled, and yet the attackers still got in. How? https://arstechnica.com/information-technology/2022/08/phishers-breach-twilio-and-target-cloudflare-using-workers-home-numbers/?source=post_page—–f515c1d56e56——————————– TLDR: the attackers created a website clone and sent out a phishing email. They waited for the individuals to fall for it. When the users clicked on the email, they were directed to the attacker’s domain where they entered their credentials. The hackers were on standby and automatically entered the credentials on the legitimate domain. This triggered the
What is Cybersecurity? Easy question with a not-so-straightforward answer. The definition differs based on the person or organization that you ask. A person that needs to safeguard their Instagram account will define Cybersecurity much differently than an organization that deals with patient data, and even that organization will define it differently than a government that’s safeguarding its citizens. Individuals are mostly concerned with securing their personal data and keeping their accounts protected from hijackers. They want their devices operating efficiently and without prying eyes. Businesses need not only worry about their intellectual property, they also need to secure customer