SQL Injection

This post is for my cybersecurity students, and anyone else taking a cybersecurity class or studying for a certification exam.

From Jason Dion: “The most common type of code injection is SQL injection. An SQL injection attempts to modify one or more of an SQL query’s four basic functions: select, insert, delete, or update. Two common methods of performing an SQL injection are either using a single apostrophe (') or submitting an always true statement like 1=1. As a penetration tester, you ...


The Importance of IT Asset Disposal

Perhaps your company has purchased secondhand phones or computers, only to discover that the previous owners had left personal information on them. Or perhaps you’ve heard of major corporations getting penalized millions of dollars for improperly disposing of their IT assets. Or perhaps you’ve read frightening news reports of landfills stacked high with discarded devices in poor countries, ...


It's A Software-Defined Virtualized World

One of the trends that I am seeing, at least as it applies to the curriculum used in most cybersecurity certifications, such as the CISSP, CASP+, and CySA+, is that technology is moving to a software-defined, virtualized everything. The latest issue of the Internet Protocol Journal, Volume 24, Issue 2, July 2021, has an interesting article titled Network Functions Virtualization. Reading the article made me think back to the topics I’d been teaching about Software-Defined Networking, which involves splitting traditional router functions into the ...
