MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN
According to the New York Times, Microsoft says the state-backed Russian hacker group Nobelium—the same actor behind the 2020 SolarWinds attacks—took control of the State…
Month: April 2023
Lerhan: Bypassing IDOR protection with URL shorteners
Xavier Blasco (a.k.a Lerhan) is a 23-year old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and found a way in through…
HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION’S SECURITY CHALLENGES
Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. Both existing organizations making the digital shift and…
Content Security Policy (CSP) explained including common bypasses
We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have it on your site to…
Enhance Employee Productivity by Adopting a Modern Approach to Password Security
By Joshua Parsons, Product Marketing Manager at Enzoic For decades, enterprise security measures and employee productivity were seemingly at odds. In fact, 37% of respondents…
Complexity is Still the Enemy of Security
Ease of Use, Ease of Integration Encourages Data Protection By Gregory Hoffer, CEO of Coviant Software In 1999 noted cybersecurity expert Bruce Schneier wrote in…
HACK HARD. HAVE FUN. INCREASE SECURITY
Amazon’s Live Hacking Event with HackerOne At Amazon, ensuring security is essential for earning customers’ trust. As part of Amazon’s ongoing public Vulnerability Research Program (VRP),…
What is a blind vulnerability and how can it be exploited and detected?
There are times where an attacker can hack a system and yet nothing is sent back, and this is classified as a blind vulnerability. This…
BUILD A RESILIENT SECURITY POSTURE WITH VULNERABILITY INTELLIGENCE AND CYBERSECURITY RATINGS
Reducing risk is the fundamental reason organizations invest in cybersecurity. The threat landscape grows and evolves, creating the need for a proactive, continual approach to…
Bypassing Cloudflare WAF with the origin server IP address
This is a guest blog post from Detectify Crowdsource hacker, Gwendal Le Coguic. This is a tutorial on how to bypass Cloudflare WAF with the…
Faulty Network Router Disposal Puts Firms At Risk: ESET
Secure data destruction and network router disposal go hand in hand when it comes to office network security. However, a recent study by the ESET…
ANNOUNCING HACK THE ARMY 3.0 RESULTS: A CONVERSATION WITH DEFENSE DIGITAL SERVICE, U.S. ARMY, AND HACK THE ARMY 3.0’S TOP HACKER
Five years after the Defense Digital Service (DDS) launched the first-ever U.S. federal government bug bounty Challenge, we’re pleased to announce the results of Hack…