What is the Dark Web and what do we find there? In September, I wrote about credential stuffing, the kind of attack that depends on the collection of huge amounts of data (lists of user/password pairs), which usually are sold on the Dark Web. But, what is the Dark Web? How could we have access to …
Confusion with the cloud shared responsibility model In a previous post from late 2019, Oscar Prado, cybersecurity analyst at Fluid Attacks, touched on the matter of most companies migrating to the cloud. One year later, we indicated a substantial acceleration and growth in that phenomenon, primarily driven by the pandemic and the security measures that emerged as …
Consider these key attributes to make a good decision Data breaches and multiple cyberattacks against companies of all types and sizes in the now predominant digital world continue to increase. (See information here on the previous year’s cybercriminal trends.) Many of these companies have realized the need to use security testing on their systems to determine if …
But before doing it you must know what smishing is You just won a car! Claim it here! Probably it is not the first time you’ve received this type of SMS on your phone. We probably shouldn’t have to remind you that if you receive something like this, you’d better not open it! Don’t click on any …
Why may the fun of some be the danger of others? Spoofing is not the name of any Pokémon (although it might be), but that of a type of scam. Over the past year, it accounted for more than $216M in losses in the United States (according to the FBI report). Through an email, phone call, or …
Why must companies comply with GDPR policies? May of this year marked the third anniversary of one of the most important legislative implementations of the last decade: The General Data Protection Regulation (GDPR). In Fluid Attacks, we have talked a little about what GDPR is, but today we want to dedicate a particular blog post to talk about what …
Why is security always excessive until it’s not enough? On June 28, the Royal United Services Institute (RUSI) published a report explaining why cyber insurance spurs ransomware attacks. After its publication, several blogs emerged summarizing or detailing the problem (I recommend ZDNet , PCrisk, TechTimes and Security Intelligence articles). This blog post is not intended to summarize the RUSI report. Instead, it will use …
Every person who frequently devotes their attention to the field of cybersecurity most certainly recognizes the OWASP Top 10 Project. However, without leaving aside any reader engaged here, we can say that what this standard “represents [is] a broad consensus about the most critical security risks to web applications.” This top 10 is an invaluable guide for software …
What if this post were a malicious link? Why the f*ck did you click to this post? Seriously, why? Chances are, you were attracted to the title, paradoxically, suggesting not to do something. But, here you are. We are glad you did not follow that direction but we deliberately crafted that title to attract your …
Do you like fried chicken? A year ago or so, KFC -the chicken fast-food chain- was featured in almost every news outlet in the UK: they ran out of chicken for an entire weekend. A horror story for a food-chain with 900 restaurants in the country. People were mad at them, and they were the target of enormous criticism. …
