Cybersprint Blog

Since the beginning of the internet, we have seen a near, if not an exponential, surge of information sharing amongst users in cyberspace. Not long after, we saw how the emergence of social media ushered an access to public online platforms where other internet users worldwide could share, discuss, promote, and consume information, whether by deliberate choice or not.

On 2 June, 2022 a critical vulnerability was identified in Atlassian Confluence (CVE-2022-26134). The vulnerability in question relates to active exploitation of unauthenticated remote code execution in Confluence Data Center and Server; meaning that the vulnerability could lead to code being executed remotely.  

In December 2021 a critical vulnerability surfaced named Log4shell within Log4j, a widely used logging tool for java applications. Log4j is used globally by computers running online services, which meant it impacted a multitude of people, organisations, and government organisations. Since then, multiple fixes have been implemented in the hope to avoid such an outbreak in the future.

For several years illicit actors have been switching from the dark web to Telegram. One of the reasons for this change is that several dark web forums have been shut down by law enforcement. With fewer marketplaces to offer their goods and services, online criminals were forced to look for new platforms to reach their customers.

As today is International Women’s Day, we would like to celebrate the women that work across all departments at Cybersprint. We would like to introduce some of them to you:

When I founded Cybersprint in 2015, I had the vision of bringing security technology from terminals to the boardroom – cybersecurity needed to be elevated to allow management to make the right decisions supported by holistic insights.

2021 saw some major cyber hacks, incidents, and digital risks. From Exchange to Log4j, and everything in between. Many of these incidents happened because of vulnerabilities in systems, software, or procedures that threat actors might have been able to abuse.

Previously, we reported on the security state of Swagger APIs all throughout Europe. After the EU region, we conducted the same investigation for North America and for the APAC region. This report will make comparisons between the API security levels in the three regions. What differences and similarities can we discern? IS API security a global issue?

Finding and verifying all of a company’s web assets across the entire internet is a massive undertaking. You essentially need to filter the whole internet and try to pick out what is relevant, and then set about detecting the risks – or even potential risks – within what you have found. This isn’t a process that can be managed manually. The staff-hours alone would make this hugely prohibitive, and that’s without taking into account the potential margin for error. Instead, it requires a different approach, one based around automation. In this editorial, Cybersprint's Lead Data Science & Analytics, Willem van Zwieten, explains how algorithms and automation helps your organisation stay secure.