In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. The process of transforming source code into application binaries is a lossy process, but at least some…

Have you ever worked with a company that operates as “close to broken” as reasonably possible? Companies that follow that mindset usually do not have the most robust security practice, and they certainly will walk very close to the edge of compliance. Even if you don’t work in such a dysfunctional enterprise as described above, many companies still do not appreciate the interconnection of security and compliance. Both are often considered cost centers, and that paints a…

We urge organizations to patch Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in Microsoft Exchange Server and investigate for potential compromise within their networks. Here’s how Tenable products can help. Background Following Microsoft’s out-of-band advisory for four zero-day vulnerabilities in Microsoft Exchange Server that were exploited in the wild by a nation-state threat actor known as HAFNIUM, multiple reports have emerged that over 30,000 organizations may have been compromised as a result of these…

Security chaos engineering helps you find holes in your cyber defenses before hackers do Length: 5:26 | Mar 8, 2021 This approach is all about data and resilience, not deliberately sabotaging your own network, according to two cybersecurity experts. Source link

Cybercriminals are racing to exploit four zero-day bugs in Exchange before more organizations can patch them. Image: Microsoft Organizations that run Microsoft Exchange Server are being urged to apply several bug fixes to the program in response to a hack from a Chinese cybercriminal group. The attack has sparked concern among everyone from security experts to the White House. Early last week, Microsoft revealed that a China-based group called Hafnium has been launching cyberattacks against…

Virginia governor Ralph Northam has signed a new state data protection act into law.  The Virginia Consumer Data Protection Act (CDPA) requires people conducting business in the Commonwealth of Virginia to comply with a novel set of data security and privacy requirements.  The CDPA, which mirrors some of the provisions laid out in the EU’s General Data Protection Regulation (GDPR), comes into effect on January 1, 2023.  Businesses found to have violated the CDPA will…