A CISO’s Guide To Penetration Tests
Penetration testing (PT) has benefitted organisations for years. The increase in both the supply of and the demand for it is driven by a number of factors, including the sophistication of cyberattacks and the volume and complexity of data.
Can Low Code-No Code and Security go together?
Low-Code No-Code (LCNC) platforms provide a graphical user interface (GUI) that allows users to create custom applications without the need to write code. These popular platforms contain pre-built templates, components, plugins, and themes to expedite the development process and cut costs.
On Feb 15, 2023, the OP Innovate incident response team responded to multiple ransom attacks being carried out simultaneously on US companies. Some were perpetrated by a new group named “Buhti”.
Broken Access Control in REST APIs – Shields Up 🛡️ !
Unfortunately, I have a long relationship with Broken Access Control (BAC) in most of its forms. As a research leader, I often encounter critical security flaws that have one thing in common – they are all the result of a bad access control design.
“Are you using Slack, WhatsApp, Telegram or other DM apps for work? congrats you are in a critical cyber risk”
As technology advances, we tend to think that advances in security should run in parallel. This is only partly true. End-to-end encryption is now standard in instant messaging chats.
How I found a CVE in a 4 million (!) active users of WordFence
One of our goals at OP Innovate is to protect our clients and partners at all times. During a recent penetration testing engagement, the testing scope included a WordPress website.
Under the hood of a Smishing campaign
Earlier today our OP Innovate research team received yet another Smishing attempt asking them to provide credit card details.
The Art of the Red Team
This article pulls together some of the tactics and techniques used by OP Innovate researchers during a red team exercise. Please note, tools, tactics and techniques are described below for educational purposes only!
Email-based attacks in the COVID-19 era
Since life in the shadow of the Covid-19 pandemic became the “new normal”, we at OP Innovate have seen an excess of business email compromise (BEC) incidents.
A new ransomware attack group called N3tw0rm is claiming to have penetrated the network of several Israeli companies, including Veritas, an international shipping and logistics company.