ONSEC.io Pentesting blog

ONSEC: Boutique Penetration Testing Agency

Sign in Subscribe

Latest

Cyber Daily 5/21: FBI Warns of Router Exploits, National Defense at Cyber Risk, AI in Telecom Cybersecurity, Multiple CVE Patches, Cybersecurity Podcasts Trending

Cyber Daily 5/21: FBI Warns of Router Exploits, National Defense at Cyber Risk, AI in Telecom Cybersecurity, Multiple CVE Patches, Cybersecurity Podcasts Trending

Good morning ONSEC Cyber Daily readers! In today's issue, we're diving into the deep end of cybersecurity, starting with the increasing risks to national defense from cyberattacks. We'll explore how the FBI is warning of cyber actors exploiting end-of-life routers, a threat that hit

Cyber Daily 5/20: iPhone AirPlay Flaws, UK's AI Cybersecurity Codes, Healthcare Cyber Threats, CISA Alerts Discontinued, Toaster Hacking in UK, Google Chrome Vulnerabilities, EU's Vulnerability Database, Patch Tuesday Updates, Cybersecurity Podcasts

Cyber Daily 5/20: iPhone AirPlay Flaws, UK's AI Cybersecurity Codes, Healthcare Cyber Threats, CISA Alerts Discontinued, Toaster Hacking in UK, Google Chrome Vulnerabilities, EU's Vulnerability Database, Patch Tuesday Updates, Cybersecurity Podcasts

Cyber Daily 5/16: SonicWall and Ivanti Vulnerabilities, CISA Alerts on Windows and Fortinet Exploits, Google and India Warn Android Users

Cyber Daily 5/16: SonicWall and Ivanti Vulnerabilities, CISA Alerts on Windows and Fortinet Exploits, Google and India Warn Android Users

Cyber Daily 5/15: SK audits for vulnerabilities, ASD alerts on Ivanti Endpoint Manager, FBI warns on router risks, UAE acts on Microsoft flaws, Patch Tuesday tackles multiple CVEs

Cyber Daily 5/15: SK audits for vulnerabilities, ASD alerts on Ivanti Endpoint Manager, FBI warns on router risks, UAE acts on Microsoft flaws, Patch Tuesday tackles multiple CVEs

Cyber Daily 5/14: CISA Warns of TeleMessage Vulnerability, Chinese Hackers Exploit SAP, Oracle Cloud Hosts eQure's Cybersecurity Platform, EU Launches Vulnerability Database

Cyber Daily 5/14: CISA Warns of TeleMessage Vulnerability, Chinese Hackers Exploit SAP, Oracle Cloud Hosts eQure's Cybersecurity Platform, EU Launches Vulnerability Database

Cyber Daily 5/13: FBI and Indian Govt Warn of Cyber Vulnerabilities, Automation in Vulnerability Management, Proxy Botnets Takedown, Apple and Asus Patch Critical Flaws

Cyber Daily 5/13: FBI and Indian Govt Warn of Cyber Vulnerabilities, Automation in Vulnerability Management, Proxy Botnets Takedown, Apple and Asus Patch Critical Flaws

Cyber Daily 5/9: FBI Warns of Old Router Vulnerabilities, UK Encryption Backdoor Sparks Concern, Microsoft Bookings and Cisco IOS Vulnerabilities, AI Supercharges Cyber Threats

Cyber Daily 5/9: FBI Warns of Old Router Vulnerabilities, UK Encryption Backdoor Sparks Concern, Microsoft Bookings and Cisco IOS Vulnerabilities, AI Supercharges Cyber Threats

pentest

TCP Tarpit and Port Scanning. Barricades on Both Sides.

TCP Tarpit and Port Scanning. Barricades on Both Sides.

Introduction Thousands of articles have been written about port scanning, discussing techniques, methodologies, tools... Yet, even in such a seemingly straightforward topic, there are several less-covered nuances. If you regularly scan subnets, participate in bug bounties, perform penetration testing, or automate this process, then this article might be useful to

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

When you're so bored, you start debugging someone else's code: bug hunting in a random Cloud-Native project

Sandbox escape or How to catch all servers of the company

Sandbox escape or How to catch all servers of the company

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

CodeQL vs Semgrep: Fun and Friendly Showdown of SAST tools🥊

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Fresh Blood: Why Changing Pentest Providers Can Improve Your Security Posture

Getting ready for your first pentest: startup founders guide

Getting ready for your first pentest: startup founders guide

Pentests Matrix for Top Security Compliances

Pentests Matrix for Top Security Compliances

rceexploit

Deep Dive into the CVE-2022-29464 RCE exploit

Deep Dive into the CVE-2022-29464 RCE exploit

WSO2 is the leading API Management solution company. It provides various software products for connecting, managing, and securing APIs (Application Programming Interfaces). Organizations in various industries, including financial services, healthcare, government, telecommunications, and retail, use WSO2 products. In April 2022, security researchers recently found a critical vulnerability in certain WSO2

compliance

Pentests Matrix for Top Security Compliances

Pentests Matrix for Top Security Compliances

The multitude of guidelines and regulations can be overwhelming, especially when it comes to understanding the penetration testing requirements for each. Determining what each compliance standard requires from a penetration test can be a headache, but it's crucial to get it right. To simplify the process, we'