In December 2021, a critical vulnerability named Log4Shell surfaced in Log4j, a widely used logging tool for Java applications. Log4j is used globally by computers running online services, which meant the vulnerability impacted a multitude of people, organisations, and government bodies. Since then, multiple fixes have been implemented in the hope of avoiding such an outbreak in the future.
Using Telegram monitoring to enhance your attack surface management
by Rosa Jong // 07-04-2022
For several years illicit actors have been switching from the dark web to Telegram. One of the reasons for this change is that several dark web forums have been shut down by law enforcement. With fewer marketplaces to offer their goods and services, online criminals were forced to look for new platforms to reach their customers.
International Women's Day 2022
by Cybersprint // 08-03-2022
As today is International Women’s Day, we would like to celebrate the women who work across all departments at Cybersprint. We would like to introduce some of them to you:
When paths merge
by Cybersprint // 23-02-2022
When I founded Cybersprint in 2015, I had the vision of bringing security technology from terminals to the boardroom – cybersecurity needed to be elevated to allow management to make the right decisions supported by holistic insights.
5 lessons learnt from 2021's vulnerabilities
by Sebastiaan Bosman // 21-02-2022
2021 saw some major cyber hacks, incidents, and digital risks. From Exchange to Log4j, and everything in between. Many of these incidents happened because of vulnerabilities in systems, software, or procedures that threat actors might have been able to abuse.
The state of API security: global research comparison
by Cybersprint // 10-02-2022
Previously, we reported on the security state of Swagger APIs throughout Europe. After the EU region, we conducted the same investigation for North America and for the APAC region. This report compares the API security levels in the three regions. What differences and similarities can we discern? Is API security a global issue?
Editorial: Why your brand DNA is the foundation of your security posture
by Willem van Zwieten // 20-01-2022
Finding and verifying all of a company’s web assets across the entire internet is a massive undertaking. You essentially need to filter the whole internet and try to pick out what is relevant, and then set about detecting the risks – or even potential risks – within what you have found. This isn’t a process that can be managed manually. The staff-hours alone would make it prohibitive, and that’s without taking into account the potential margin for error. Instead, it requires a different approach, one based around automation. In this editorial, Cybersprint's Lead Data Science & Analytics, Willem van Zwieten, explains how algorithms and automation help your organisation stay secure.
How to find and mitigate the recent WordPress CVE-2022-21661
by Sebastiaan Bosman // 14-01-2022
A few days ago, WordPress released a patch for their software. This patch updates WordPress to version 5.8.3, and addresses four vulnerabilities. Three of these vulnerabilities have been rated as ‘high importance’ with two CVSS scores of 8.0, a 7.4, and a 6.6, as they allow for different kinds of attacks. This article explains how the different vulnerabilities could be abused, and how we were able to find the relevant WordPress software to check for risks.
Defend yourself against a coming wave of API cyberattacks
by Cybersprint // 11-01-2022
APIs (Application Programming Interfaces) are used by countless businesses. By defining the rules that programmers must follow to interact with a programming language or software tool, they play a key role in enabling organisations to connect with services and transfer data.