The increase in cyberattacks witnessed over the last few years can be partially attributed to the evolution and spread of automation tools, which are leveraged to perform wider attacks with fewer resources. Many steps of an attack can be automated…
Category: Sections
Yesterday, the team YoloSw4g from Wavestone's Cybersecurity practice took part in the 2022 Defcamp CTF finals. Defcamp is one of the top cybersecurity conference in Europe and every edition is hosted in Bucharest, Romania. Wavestone had the opportunity to play…
If you work in cybersecurity, you have probably heard of the OWASP TOP 10: a standard awareness document that represents a broad consensus about the most critical security risks to web applications. However, in Industrial Control Systems, we never talk…
In recent years, organisations have undertaken major projects to secure their Active Directory (AD). These projects have been launched to counter the threat of a massive compromise of the AD system in order to deploy ransomware, of which there are…
This year again, we were delighted to be able to share our knowledge during Hacker Summer camp (cybersecurity conferences that happen roughly at the same time in Las Vegas each year: BlackHat, BSides Las Vegas, and DEFCON). (Thomas is…
Feedback on AWS and Azure Misconfigurations in cloud environments are still a source of major incidents and will keep on reoccurring endlessly. With the news continuously providing new examples: leakage of 1 billion citizens' data linked to a key leak,…
FOCUS TECH MAUI Sources: https://www.cisa.gov/uscert/ncas/alerts/aa22-187a https://stairwell.com/wp-content/uploads/2022/07/Stairwell-Threat-Report-Maui-Ransomware.pdf https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/ Ransomware Activity Presentation of the figures collected by our tool on the data given by the RaaS platforms about their successful attacks. This graph gives an estimation of the number of victims…
Is it necessary to engage in DevSecOps because projects work in Agile? A few questions need to be asked to get a clearer picture. In previous articles, we talked a lot about how security should be organised to accompany agile…
For the third consecutive time, the French city of Toulon hosted the French southernmost hacking event known as Barb'hack. We - two of Wavestone security auditors - have had the opportunity to attend the conference and participate in the Capture-the-Flag (CTF) event…
Today, many companies have initiated a migration to the public cloud, and this brings its share of benefits, but also new attack surfaces. In this article, we will look at how companies can best manage their security posture, by verifying…