network vulnerability assessment | Breaking Cybersecurity News | The Hacker News

High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week. "This paper encompasses the results of security assessments performed during the 2018–2019 timeframe on behalf of 28 telecom operators in Europe, Asia, Africa, and South America." Called the GPRS Tunnelling Protocol ( GTP ), the affected Internet Protocol (IP)-based communications standard defines a set of rules governing data traffic over 2G, 3G, and 4G networks. It also forms the basis for GPRS core network and its successor Evolved Packet Core ( EPC ), thus making it possible for users to keep connected to the Internet while moving from one place to the ot

Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in cybersecurity policies. The same can be said about broader penetration testing practices. Organizations gain real value from learning about others' penetration testing experiences, trends, and the role they play in today's threat landscape. The world of pen testing can be an interesting balance of open collaboration and closely guarded privacy. While pen testers may engage in teaming exercises, or happily talk technique when they attend Black Hat, most organizations are extremely reluctant when it comes to discussing their pen testing practices and results. Of course, confidentia

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices.  FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to manipulate or steal sensitive data. Although most major hardware/software vendors and owners have patched this flaw, many are still susceptible to this kind of attack.  Instrumental in discovering FREAK flaw, the University of Michigan conducted scans and discovered that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.  This includes some very high profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons.) IMPACTS OF FREAK ATTACK Intercepts your sensitive,