AWS CloudGoat and mitigation strategies: Part 3
AWS Cloudgoat and mitigation strategies Part 3 This is part 3 of the series on AWS Cloudgoat Scenarios and the mitigation strategies. In this part, we cover Scenarios 4 and 5: Scenario 4: Privilege escalation via EC2 instance (iam_privesc_by_attachment) Scenario 5: Privilege escalation via SSRF web application exploit (ec2_ssrf)</a This part of the article presumes […]
AWS CloudGoat and mitigation strategies: Part 2
AWS Cloudgoat and mitigation strategies Part 2 This is part 2 of the series on AWS Cloudgoat Scenarios and the mitigation strategies. In this part, we cover Scenarios 2 and 3: Scenario 2: Privilege escalation via AWS Lambda (lambda_privesc) Scenario 3: Misconfigured EC2 Reverse Proxy to S3 Breach (cloud_breach_s3)</a This part of the article presumes […]
AWS CloudGoat and mitigation strategies: Part 1
Introduction As cloud computing is becoming mainstream, the security concerns associated with it has been increasing as well. Most of the public cloud users understand that this is a shared responsibility between the cloud provider and the users as well. According to Gartner, 95% of all cloud security failures are due to misconfigurations. We thought […]
Unpatched Code Snippets Plugins Puts over 200,000 WordPress Sites at Risk
More than 200,000 websites using WordPress with unpatched open-source code snippets allows attackers to take over WordPress sites due to missing referrer checks on the import menu. (Figures are based on the number of active installations in the WordPress Library). Wordfence researchers explained that “The plugin developer protected nearly all endpoints of this plugin with […]
Next Generation WebOrion MonitorX System
Here is a sneak peak at our upcoming MonitorX with new and improved features enhanced with the following Deep Learning Engine for Advanced Image Moderation Scalable to thousands of webpages in seconds Intelligent reduction of false positives by 5 times or more Insightful Dashboard with Refreshed Visualization Charts Stay tuned as we roll out […]
How Ransomware Attacks Affect Your Website
Ransomware is an especially nasty attack that holds your data hostage until you pay the attacker a fee. This fee can be anywhere from $50 to several thousands of dollars. If you don’t pay, usually the attacker continues to increase the fee until you are forced to wipe your server’s hard drive and start over. […]
Five Ways a Website Can be Hacked
In today’s world, one must think twice before claiming that (s)he is safe from hackers. Be it ordinary individuals, small companies, large technology corporations or even governments with vast resources, it seems everybody falls victim to a hacking incident these days. We collected the top 6 risk factors affecting most websites. The list aims to […]
Best Practices to Address Web Defacements
Web defacement is one of the biggest security challenges to any organization that is running online. Web defacement is typically done by hackers who break into a web server and replace the hosted website with one of their own, using techniques such as phishing, code injection, cross site scripting etc. Common targets of defacement are […]
Web Security and Defacement Statistics
Did you know there has been at least 50,000 successful website defacement attacks each month for the past year, or that 55% of successful attacks are actually re-defacements? Web defacement attacks have been rising over the years, with 2015 recording almost a million of such attacks. This one infographic details all the facts you need […]
Business Implications of Web Defacements
Web defacement is often considered a minor form of cyber attack, very much like a petty crime. However, what is the full extent of the impact that it can have on your business? In this article, we take a closer look at some business implications of web defacement, some of which are actually much more […]
