Tag: test


Vulnerability Assessments Versus Penetration Tests: A Common Misconception

March 22, 2019

Via: Security Intelligence

X-Force Red is an autonomous team of veteran hackers within IBM Security that is hired to break into organizations and uncover risky vulnerabilities that criminal attackers may use for personal gain. Our team recently unveiled new statistics collected from its […]

Access control

Google reCaptcha Bypass Technique Uses Google’s Own Tools

March 3, 2017

Via: Threat Post

A proof of concept bypass of Google’s reCaptcha V2 verification system, posted online Tuesday, uses Google’s own web-based tools to pull off the skirting of the system. The tool dubbed ReBreakCaptcha “lets you easily bypass Google’s reCaptcha v2 anywhere on […]

Identity theft

How well does social engineering work? One test returned 150%

August 12, 2016

Via: CSO Online

Most organizations’ external perimeter is pretty buttoned up.  But once you make it inside it’s still pretty weak. It’s a pretty quick operation to go from social engineering to exploit somebody’s workstation, to pivoting in the environment and escalate all […]


IBM X-Force finds multiple IoT security risks in smart buildings

February 15, 2016

Via: Tech Republic

According to Gartner, “connected things” in smart homes and smart buildings represent 45% of 1.1 billion IoT devices in 2015. For that many devices, it is disconcerting that security pundits are asking whether these “connected things” are secure. However, it’s […]


Web Application Firewalls Tested Against XSS Attacks

September 15, 2015

Via: vulnerabilities

A researcher has conducted experiments to #test some of the most popular #web application firewalls (#waf) and see how efficient they are in protecting against cross-site scripting (XSS) attacks. A WAF is an appliance, a plugin or a filter that […]


New RC4 Attack

July 28, 2015

Via: vulnerabilities

New research: “All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS,” by Mathy Vanhoef and Frank Piessens: Abstract: We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a […]