Recently, during a web application penetration test, we uncovered a situation where a combination of seemingly small vulnerabilities led to a major security breach. We found a stored Cross-Site Scripting (XSS) flaw in the comments section of a support ticketing system. This, paired with weak session security, allowed us to hijack a user’s account. While[…]
Penetration Testing Services 101: Are you easy to hack? That’s the big question. Yet many organizations don’t even know where their weaknesses lie. Penetration testing (AKA pen testing) solves this problem. This is a service provided by a company that specializes in cybersecurity and ethical hacking. The goal of the exercise is simple: Try to breach a[…]
As cyber threats evolve, businesses must protect sensitive data and maintain operational resilience. Vulnerabilities—weaknesses within IT systems—can leave organisations open to damaging cyber-attacks, data breaches, and compliance violations, particularly under legislation such as the Data Protection Act 2018. Effective vulnerability management, therefore, isn’t just good cybersecurity practice; it’s a critical component of compliance with recognised[…]
As cyberattacks become more and more sophisticated, organizations of all sizes need to monitor and respond to threats in real time. Yet it’s incredibly expensive to hire and manage your own 24/7/365 cybersecurity team. SOC as a service provides a welcome alternative. You get all the power of a SOC (security operations center) without the cost[…]
Not too long ago, JSON Web Tokens (JWTs) were widely regarded as a go-to solution for authentication, praised for their security, scalability, and simplicity. However, today, the penetration testing team at CybaVerse—along with other security researchers—frequently uncovers high and critical vulnerabilities in their implementations. The thing is, automated scanners don’t typically pick up JWT misconfigurations[…]
Are you confident that your nonprofit’s IT systems are secure and reliable? Do you know what hidden fees to look out for when choosing an IT support provider? Is your organization’s cybersecurity protection robust enough to withstand modern threats like ransomware? As a nonprofit organization, ensuring your IT systems are secure and functional is vital[…]
From August to November 2024, various malicious activities were recorded, including multiple incidents involving a cryptocurrency mining malware known as “Redtail”. This report delves into how Redtail operates, its advanced tactics, and strategies to counter its threat. Redtail exploits compromised systems to mine cryptocurrency without authorisation, using scripts to ensure compatibility and eliminate competing miners.[…]
In 2024, the cyber threat landscape has grown increasingly complex and perilous, characterized by a surge in sophisticated ransomware attacks and the proliferation of AI-driven threats. These advanced attacks are not only more targeted but also more frequent, challenging organizations to adapt swiftly and robustly to safeguard their networks and data. The Shift in Cybersecurity Strategies: As[…]
As Cloud Solutions Director at 360 Visibility, I’ve seen firsthand how businesses underestimate the impact of proactive security. In my role, I’ve worked with countless organizations to strengthen their defenses, drawing on Microsoft’s advanced technologies and my expertise across security, infrastructure, and cloud solutions. Cybersecurity cannot be an afterthought. A reactive approach exposes businesses to[…]
Recent investigations have uncovered a concerning infection chain leveraging fake CAPTCHA pages to distribute malware, particularly Lumma Stealer. This campaign, observed by McAfee Labs and highlighted in findings from CloudSEK, targets users globally, illustrating the extensive reach of this attack method. Infection Vectors Identified: The infection chain involves two primary vectors leading users to fake[…]