Bitcoin account hijacking using OSINT techniques
Researchers at Kudelski Security have managed to break Bitcoin and Ethereum wallets using a novel attack against one of the most popular asymmetric key algorithms of modern cryptography, ECDSA.
Chinese researchers: RSA is breakable. Others: Do not panic!
In a recent publication, Chinese researchers claim that there is an existing algorithm that, even with today's quantum computers, makes it possible to break the RSA algorithm, which is the fundamental basis of secure internet communication. At the same time, there are doubts about the reliability of the publication.
Weaknesses of signature-based API protection
Web Application Firewalls (WAFs) are widely used to protect websites and APIs against various attacks, such as SQL injection (SQLi) and cross-site scripting (XSS).
No Zero Trust Network without strong authentication
A “Zero Trust” cybersecurity model has been one of the most important innovations in organizational risk management in recent years. It constitutes a fundamental shift in mitigating risk, but one that is still not widely adopted or even understood.
The role of APIs in Open Banking initiatives
The practice of securely sharing financial data, subject to customer consent, through banking APIs gave birth to hundreds of new applications that were previously unavailable.
API and cloud security in times of cyber-warfare
The Russia-Ukraine war has already taught cybersecurity practitioners many lessons, but as we move forward in time, there are more and more seemingly less significant issues to address that have long-term importance, such as API and cloud security.
API security: There is nothing new under the sun
There is really nothing new under the sun: APIs are secured by exactly the same precautions as anything else you publish on the internet.
Trusted Types: A world without XSS
XSS, or cross-site scripting, is one of the most widespread security problems today, as confirmed by statistics from bug-hunting companies such as HackerOne.
Wars and Cyber Warfare in the Age of APIs
A new chapter in the security of our world opened on 24 February 2022. APIs are expected to be the most attacked interfaces in 2022.
API security and online fraud? What is the connection?
According to Europol, online fraud is one of the major cyberthreats we face. One of the effective tools against it is content analysis of API traffic.
The growing costs of fraud
The infographic gives insight into the global trends concerning fraud and demonstrates why you need to implement fraud prevention measures.
Weakened encryption is a silver bullet - not just for law enforcement agencies, but for cybercriminals
The United Nations is preparing to negotiate a draft of a new convention on cybercrime. Szilárd Pfeiffer has shared his thoughts on data privacy and encryption at an intersessional consultation of the United Nations Office on Drugs and Crime.
New security tools are required in a new era
A new chapter in the security of our world began on 24 February 2022. It's time to prepare your organization against an even stronger wave of cyberattacks.
The internet is a global village, not a metropolis
Think the internet is large enough to hide from criminals in the hope you won’t be the next victim of a cyber attack? Sadly, this is no longer the case. The internet is a global village, where everyone is your neighbor, and anyone can detect your mistakes and vulnerabilities.
Lessons learned from 2021 cyberattacks
What are the key learning points of 2021 from a cybersecurity point of view? Csaba Krasznay, Director of the Cybersecurity Research Institute at the National University of Public Service, shares his thoughts.
How would Zero Trust prevent a Log4Shell attack?
Log4Shell made waves in the not-so-stagnant waters of the IT security industry last December. The post explains how organizations should apply Zero Trust to prevent Log4Shell and similar attacks.
2022: Year of the cyber cataclysm?
A lot of bad cyber-related things happened in 2021: SolarWinds, the Colonial Pipeline, and the Microsoft Exchange and Log4j vulnerabilities, to name but a few. But what does the future hold for us in 2022?
Modern Techniques to Prevent Malware instead of Detecting It
Google lists 12,400,000 results for the search "malware detection tools." Is malware detection a silver bullet, or is there a smarter method to prevent malware attacks? We believe there is one.
Are ransom DDoS attacks coming back?
The emerging threat of ransom DDoS attacks is knocking on the doors, or rather the TCP ports, giving us another example of how cybercriminals are adapting to their victims’ IT infrastructure and cyber defense.
Why is Zero Trust more important than ever before?
In the age of ransomware and supply chain attacks, how can organizations defend themselves? One of the possible answers is Zero Trust.
Zero Trust: Is it anything new?
What are the theories and practices, and why are they so important? Let’s take a look.
The Shadow of Mass Endpoint Surveillance – Is the Network Already Secure?
Government agencies and Big Tech companies want to automatically scan mobile devices to fight against terrorism or child sexual abuse materials. Should we let them do that?
What can we learn from the Coursera API-story?
A number of security vulnerabilities have been found and disclosed in the Coursera online learning platform. Csaba Krasznay summarizes the key learning points of the story.
What’s new in Balasys Proxedo Network Security 1.0.5
Key new features that have been added to the product since the 1.0 release
7 tips to prevent breaches like the SolarWinds hack
Let's learn from the SolarWinds hack!
Balasys TOP10 IT Security Predictions 2021-2023
In the past year, COVID-19 has had a greater impact on work habits and security environments than any other health emergency in history.
Complement web application firewalls and API management
A Proxedo API Security use case
Zorp GPL – an open source, cloud-based firewall for Kubernetes
The benefits of Zorp GPL when used as an ingress controller in Kubernetes
Why do you need API security?
Major concerns around the security of API traffic and an introduction to a potential solution.