Businesses, now more than ever, are vulnerable to cyber-attacks. This is why we will focus on prevention and on how to stay ahead of attackers with the use of a Privileged Access Management (PAM) solution.
Excellium Services and BitSight: which level of control do you have on your cybersecurity supply chain?
Contern – Luxembourg, 19th October 2021
Organizations are used to conducting mature processes to onboard a third party, through sourcing, procurement, or vendor management. However, such processes do not often cover the long-term perspective, nor controls over changes that may occur within their partners. Manual interactions with third parties are expensive and require staff who are focused on other concerns. Evaluation of the cybersecurity posture of third parties does not diverge from that trend. However, as a breach in a supplier’s Information System may have a huge impact on your own, how can a proper risk assessment be reconciled with agility in an ever more interconnected world?
How to automatically validate the configuration of your API Gateway?
API everywhere…
Today, it is common for software vendors, companies, etc. to provide a web API to expose data to their customers or partners (https://blog.postman.com/api-growth-rate/). The objective is to facilitate integration between Information Systems and create new business opportunities. For example, for banks, APIs were a way to provide more services to their customers through mobile applications. Do you remember the last time you needed to contact your bank directly or physically go to your bank branch?
Access the potential of the cloud to enhance global security
With its Excellium360 for Office 365 & Azure offering, the BELUX cybersecurity specialist provides its customers with access to advanced security features, such as Microsoft’s SIEM solution “Sentinel”. Integrated with Excellium’s Security Operations Center, it reinforces the cybersecurity of IT environments deployed both on-premises and in the cloud.
Managed Detection and Response Services for Microsoft Cloud
In order to assist organizations in their migration while guaranteeing an adequate and homogeneous level of security on their own infrastructures and in the cloud, Excellium Services is launching a new service in partnership with Microsoft.
How to report a security issue in a standardized manner with Security.txt
The sushi syntax is incorrect
Our story begins on a Friday evening. An InfoSec guy places an order at an online sushi shop to take a romantic break with his sweetheart. He selects dishes and clicks on the “Checkout” button; however, instead of receiving the expected checkout page, he gets an SQL error page:
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘Sushi’.”
How to test your defence in-depth with the Assume Breach approach
For the past two years, we have observed growing demand from companies for realistic tests based on breach and crisis simulations. Indeed, the classic model shows its limits when an application or a network has been tested many times. One can be fairly sure that the first line of defence is secured, yet remain completely blind to what could happen next if it is not.
How to beat your vulnerabilities? Time to fight back!
The fight against vulnerabilities is a constant battle, a real race between hackers and the organizations trying to keep them out. Unfortunately, organizations sometimes lose.
Password hashing: Be careful about what you hash!
Context of the hashing issue
During a web assessment, Excellium’s Intrusion & AppSec team audited a PHP application where users’ passwords were stored using the bcrypt hashing algorithm. As bcrypt (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) is still a valid and recommended algorithm for hashing passwords, compromising passwords (https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials) should not be an easy task. However, sometimes the devil is in the details.
Covid-19: Moving away from the physical in a secure way
A shift in working patterns implies a changed information risk landscape