OUR BLOG
Digital Operational Resilience Act – DORA – Part II
Intro Hello and welcome to the second part of our two-part blog post where we take a deep dive into the Digital Operational Resilience Act (DORA). For those of you who join us now, I would advise you to check Part I to get the whole picture of this pivotal regulatory...
Digital Operational Resilience Act – DORA
Hello, welcome to our deep dive into the Digital Operational Resilience Act (DORA), a pivotal regulatory framework reshaping cybersecurity and operational resilience in the European financial sector. To make this complex topic as accessible and actionable as possible,...
The EU NIS 2 Directive
The NIS 2 Directive (Directive (EU) 2022/2555), adopted by the European Parliament and Council on 14 December 2022, marks a significant legislative effort to enhance cybersecurity and resilience across the EU. This Directive amends Regulation (EU) No 910/2014 and...
Domain Admin through a simple Xerox Printer
IntroductionIn this blog post, we will explore the methods to utilize printers as a means to establish an initial foothold within a network, potentially compromising the domain controller and, consequently, the entire network. We will introduce a newly discovered...
LedgerSMB – CVE-2024-23831: Privilege escalation through CSRF attack on “setup.pl”
During an assessment, we discovered a vulnerability in the LedgerSMB application, a widely-used open-source accounting software tailored for small and mid-size businesses. This vulnerability, identified in versions 1.3 to 1.9, 1.10.0 to 1.10.29, and 1.11.0 to 1.11.8,...
The Current State of Phishing Attacks
Modern Challenges and SolutionsPart 1: Defenses Against Phishing AttacksPhishing attacks, one of the oldest types of cyber threats, have become more sophisticated and diverse. This evolution is due, in part, to advancements in cyber-defense technologies and policies....