Everything You Need to Know About ARP Spoofing

ARP spoofing — also known as ARP poisoning — is a type of man-in-the-middle attack where an attacker sits between a targeted victim and the router to listen in on their online traffic. This is a form of cyber attack carried out over a local area network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to media access control (MAC) address table. Address resolution protocol (ARP) translates IP addresses into MAC addresses. Confused yet? You won't be for long since, by the end of this post, you'll not only understand ARP spoofing, but be able to demonstrate it. And as a result, you'll even learn how to protect yourself against these attacks.

BLOG Dec 17

REWIND: InfoSec Trends That Dominated Headlines in 2021

This past year saw no shortages of breaches, ransomware attacks, and revealed vulnerabilities in the news. nVisium’s team of world-class application security experts is regularly featured in the media for our security and industry expertise. Let’s take a look back to some of the most memorable headlines and security incidents that rocked the infosec industry in 2021.

BLOG Dec 03

Vulnerability Management: Is Declining Mental Health Cybersecurity's Greatest Threat?

The pandemic and work-from-home shift have had a huge effect on the mental health of those in every industry, but the issue is exacerbated amongst development teams since they have historically always been ‘behind the scenes.’ The element of face-to-face interaction has been blurred or lost completely, furthering feelings of isolation among those already in ‘head-down’ roles. And the absolute last thing that anyone in any role or industry wants to feel like is just another cog in the machine.

BLOG Nov 17

Better Together: Why You Need a Security Champions Program

A security champion is a developer with a vested interest in security who helps to amplify the security message at the team level. Security champions don’t need to be security experts; they just need to act as the security heartbeat of the team, keeping their eyes and ears open for potential problems. In turn, once the team is aware of these issues, it can then either fix the issues in development or call in your organization’s security experts to provide guidance.

BLOG Nov 11

The Top 5 Lessons Learned From the Great Facebook Outage of 2021

The internet was shaken by the outage of Facebook earlier this month. Dozens of big-name companies, including countless smaller ones, were affected by this outage. Because of something as simple as a misconfigured Domain Name System (DNS) record, every device with the Facebook app integration started DDoS-ing recursive DNS resolvers — DDoS meaning "Distributed Denial of Service." This, in turn, caused overloading in numerous cases across the board.

BLOG Oct 27

Defeating Ransomware

Well, it seems the bad guys have won another one with the recent 75 bitcoin ransom payout to unlock the Colonial Pipeline. And despite early indications with the shutdown that other methods would be taken to restore service, it seems that sometimes crime does actually pay. This begs the question: are there best practices we should be implementing to take stronger steps towards prevention?

BLOG May 31

How Can Security Assessments Help Your Business

Security should not be a taboo subject for the average business owner, especially when it comes to your information assets. Given that we mostly live in a knowledge-based economy and every organization relies to some degree on the IT infrastructure, it stands to reason that even a small breach could have catastrophic consequences. So, what should the average business do to protect itself?

BLOG May 24

National Insurance Providers Need The Assurance Of A Security Assessment

National insurance providers are a prime target for cybercriminals because of the volume of personally identifiable information (PII) stored for millions of customers all in one location. This begs the question of how secure this information is and what steps are being taken to ensure your insurers are being protected. This is where periodic security assessments come into play.

BLOG May 17

Software Solution Provider Security Assessments Revisited

Software solution providers have pervasive and stringent access control requirements, but all too often legacy applications haven’t been keeping up with the latest security best practices and this is now opening new vulnerabilities that may be exploited by industrious cyber criminals.

BLOG May 10

The Role Of Security Assessments In Your Red Team Strategy

The “battle” for the security of your digital assets is an ongoing effort to stay ahead of cyber criminals, hackers and assorted bad actors. The concepts of “battle” or “military incursion” also give rise to adopting techniques across industry boundaries. Specifically, the concept of war-gaming the security infrastructure through Red Teams.

BLOG May 03