Free Access

Category: Cyber Risk Management

NOBELIUM APT29 – EnvyScout

This image is about NOBELIUM APT29's use of EnvyScout.

Blog Summary of Analysis The NOBELIUM group is also known as APT29. NOBELIUM has generally targeted government institutions, non-governmental organizations, think tanks, the military, IT service providers, R&D companies working in the healthcare field, and telecommunication providers in its attacks so far. It has been observed that the NOBELIUM group has been using Spear Phishing […]

What are Multiple Apache Vulnerabilities?

This image is about multiple Apache vulnerabilities.

Blog Multiple Apache Vulnerabilities Multiple Apache Vulnerabilities can expose systems to various risks, including unauthorized access, denial of service, and data breaches. In this article, Apache Server and its vulnerabilities, and ways to mitigate these threats will be talked about. How to find the website’s server? There are multiple tools available to find out which […]

What Is Jquery XSS Vulnerability Version?

This image is about jQuery XSS vulnerability versions.

Blog Jquery XSS Vulnerability Version; Much information, including personal information, can be captured and operations can be performed on computers. Let’s start with what jquery and XSS are. Jquery is a library of JavaScript. It was created to facilitate the use of JavaScript on websites. It is not a separate programming language and works with […]

What is File Upload Vulnerability?

This image is about file upload vulnerability.

Blog File upload vulnerability File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially […]

What is Weak SSL Algorithms?

This image is about weak SSL algorithms.

Blog Weak SSL algorithms are cryptographic protocols that do not provide adequate security, making it easier for attackers to intercept sensitive data. Sensitive data must be protected when transmitted over the network. This data may include user credentials and credit card information. Servers are authenticated using digital certificates. These are SSL/TLS certificates. TLS encrypts communication […]

What is Server Header Information Disclosure?

What is Server Header Information Disclosure?

Blog Server Header Information Disclosure In this article, what is Server Header Information Disclosure and what ways it causes will be discussed. While the web server sends HTTP headers to the user to respond, it exposes the server version and the technologies used by the web server. This information plays an important role in determining […]

What is SSL Expire?

SSL Expire" means an SSL certificate has expired, causing security warnings for site visitors.

Blog SSL Certificate An SSL certificate is a digital certificate that authenticates a website and encrypts information sent to a server using this technology. How to learn SSL certificate duration? There are websites to query the expiration time of the SSL certificate. Secondly, the SSL certificate duration can be learned with the following command line […]

What are Multiple Microsoft IIS Vulnerabilities?

This image is about multiple Microsoft IIS vulnerabilities.

Blog In this article, Microsoft IIS Server vulnerabilities and ways to mitigate these threats will be discussed. How to find the website’s server? There are multiple tools available to find out which web server is used. The first of these is curl -I command. curl -I command is run on terminal in order to learn […]