Category: Vulnerabilities
-

When Are You Ready For Agentic AI Security?
The Excitement Is Premature. Everyone wants agentic AI in security. Autonomous actions. Self-healing systems. Machines making decisions… Sounds efficient. Sounds inevitable. But are you ready? Or are you just tired of doing the work yourself? “Automation without understanding is just faster confusion.” The Missing Foundation. It may sound strange, but if you have never experienced…
-
Security solution which acts like traditional painkiller
Most security solutions are like traditional painkillers: we certainly feel better after taking them, but the root cause of the pain remains intact and unresolved! As long as we do not address the root cause of security incidents and vulnerabilities, we will feel better from the short-term pain relief of “Security Solutions” and then suffer again soon…
-
utilizing dark web as defense
I was shocked when I heard from a “security professional” that using the dark web as a means of understanding cyber threats has just recently been discovered by them as an effective defense mechanism! No kidding! Then why are we surprised we get hacked by the most trivial TTP out there? It is very disappointing that “security…
-
SolarWinds hack: what just happened?
Solorigate, Sunburst, UNC2452 or whatever they call it: how are even FireEye, SolarWinds, CrowdStrike and many others involved able to sell and survive after this disaster, and how is the security community able to trust them again? It is interesting how these top security companies with lots of managed services and a bunch of products in…
-
Regulating Dark Web!
I came across an article the other day on Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources! A publication from justice.gov with interesting insight, but it opened an old wound for me! Trying to regulate an environment which is naturally unregulated does not sound reasonable. It is like saying you can…
-
Why Folks Are Not Able to Secure Their Network?
The question simply is: why do we not feel insecure even after spending a lot, with giant teams of professionals and a bunch of fancy tools? And the answer simply is: Wrong Direction! As long as one is going in the wrong direction, we certainly cannot even imagine being able to reach the destination. How is it possible to reach the…
-
Why Common Vulnerability Scanning Practice is Useless?
I hope you will find this obvious, but unfortunately the security community relies heavily on vulnerability scanning in a way which makes it totally useless or even harmful! Vulnerability assessment is the evaluation of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software… but traditional…
-
Penetration Testing vs. Secure Code Review
What is the best way to make sure a software product is secure? The easiest way is to roll it out to the market, see what happens and hope everything goes well… no kidding, that is what most software developers do! Let’s forget about what the majority of the software community does and see what…
-
The Only Reason A System Has Not Been Hacked!
Real hackers do not randomly find a flaw in a system. There is a systematic approach to hacking a system! Regardless of the size and type of an online entity and its online presence, whether a giant company with ten thousand employees or a home user of the Net, the only reason a system (may) have…
-
Microsoft Windows Huge Text Processing Instability
SECURE TARGET (Security Advisory October 17, 2004). Topic: Microsoft Windows Huge Text Processing Instability. Discovery Date: October 14, 2004. Original Advisory. External Links: VULDB, Full-Disclosure, BugTraq, SICHERHEITSLüCKEN, Addict3d, Ls, Der Keiler, Seifried, NetSys, Mail Archive, SecLists, Neohapsis, Checksum, Network Security, Virus, DoddsNet, ReadList, Mega Security, Security Trap, Virovvch, DevArchives. Affected applications and platforms: Notepad, NotePad2 and…