Randori discovered Zero-day in Palo Alto’s GlobalProtect Firewall, affecting ~10,000 assets.
Outline: Palo Alto Networks (PAN) released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it allows for unauthenticated remote code execution on susceptible product installations. …
JSON Web Tokens – Attack and Defense
In this blog, we will learn about JSON Web Tokens and the advantages of using them over traditional methods of authorization and authentication. We will delve deeper into the ways a malicious adversary can attack JWT implementations and learn about preventing such pitfalls. What is JWT? …
Use Case – Automating Cybersecurity Deployment in the Oil & Gas Industry
The oil and gas industry depends heavily on Operational Technology for managing the industrial process. However, industrial systems are highly exposed to the risk and danger of cyber-attacks, which makes cybersecurity solutions a vital requirement for the Oil & Gas sector. The flawless delivery …
Why Penetration Testing as a Service
Introduction: Security vulnerabilities are a reality faced by the digital world at an increasingly fast pace. Given this reality, penetration testing has become a critical method for protecting systems and applications from security vulnerabilities. Penetration Testing helps in assessing the security posture and discovers potential …
An effective Cybersecurity program?
The ever-growing threat of cyberattacks has made every small and big enterprise spend a fortune on implementing a vigilant and resilient cybersecurity program. A popular cybercrime magazine, Cyber Security Ventures, predicted in June 2019 that the global cumulative cybersecurity spending of five years would exceed $1 …
Penetration Testing in 2020
Why do you require Pentest as a Service (PTaaS)? In the early era, the ability of computers to share and transfer information in a client-server model across all communication lines gave insights into computer security and cybersecurity. During an annual conference held in …