Joel Abraham’s Post

Need an External Security PEN Test? We’re Ready to Start in 24 Hours. Get enterprise-grade PEN testing from 50 U.S.-certified operators (5-15 years of experience), with a budget-friendly cost of $7,800 for up to 512 IPs. What’s included: • Manual External Attack Simulation • AttackN™ Platform: 4-6 scanners, 20-30 automated attack simulations (network & web app vulnerabilities) • 30 days of continuous external scanning Stay ahead of threats. Message me today to get started or meet our operators. #Cybersecurity #PenTest #ExternalTesting #VulnerabilityManagement #Compliance #USbased #cepts #cpts Devon Vance Greg Hall Identify Security

Need an External Security PEN Test? We’re Ready to Start in 24 Hours. Get enterprise-grade PEN testing from 50 U.S.-certified operators (5-15 years of experience), with a budget-friendly cost of $7,800 for up to 512 IPs. What’s included: • Manual External Attack Simulation • AttackN™ Platform: 4-6 scanners, 20-30 automated attack simulations (network & web app vulnerabilities) • 30 days of continuous external scanning Stay ahead of threats. Message me today to get started or meet our operators. #Cybersecurity #PenTest #ExternalTesting #VulnerabilityManagement #Compliance #USbased #cepts #cpts Devon Vance Greg Hall Identify Security

Need an External Security PEN Test? We’re Ready to Start in 24 Hours. Get enterprise-grade PEN testing from 50 U.S.-certified operators (5-15 years of experience), with a budget-friendly cost of $7,800 for up to 512 IPs. What’s included: • Manual External Attack Simulation • AttackN™ Platform: 4-6 scanners, 20-30 automated attack simulations (network & web app vulnerabilities) • 30 days of continuous external scanning Stay ahead of threats. Message me today to get started or meet our operators. hashtag #Cybersecurity #PenTest #ExternalTesting #VulnerabilityManagement #Compliance #USbased #cepts #cpts

Vulnerability disclosure🚨Two serious vulnerabilities have been discovered in the Proroute H685t-w 4G Router running firmware version 3.2.334 including: 1. Authenticated Command Injection (CVSS: 8.8 - High) Attackers can execute arbitrary commands via the admin interface. Affects the OpenConnect and PPTP client pages. Exploitation can lead to unauthorized access and complete device control! 2. Reflected Cross-Site Scripting (CVSS: 5.5 - Medium) Allows attackers to execute arbitrary JavaScript in victims' browser sessions. This can lead to session hijacking and data theft. ➡ For detailed information, read our full blog post here: https://lnkd.in/ewg33YmK Action Required:🔄 If you're using this device, update your router firmware to 3.2.335 or higher to mitigate these vulnerabilities. #Cybersecurity #VulnerabilityDisclosure #RouterSecurity #ProrouteH685tW

🚨 Critical Vulnerability Alert (CVE-2024-6342) 🚨 Zyxel has issued hotfixes for a critical command injection flaw affecting its NAS326 and NAS542 devices, even though they are at the end of life. This vulnerability, found in the export-cgi program, can be exploited by unauthenticated attackers through a specially crafted HTTP POST request, enabling them to execute OS commands remotely. Users should immediately apply the hotfix for enhanced protection. Stay secure and ensure your devices are patched! ⚠️ #CyberSecurity #Zyxel #Vulnerability #CVE20246342 #PatchNow #DataProtection #Haxoris

📢 Attention Android Users! 📱 Google’s December 2024 Android Security Patch is here, addressing critical vulnerabilities to keep your devices safe!! 💡 What You Should Do: 1️⃣ Check your Android’s update status via Settings > Software Updates. 2️⃣ Apply the latest security patch to shield against these threats. 3️⃣ Enable automatic updates to stay protected moving forward. 🔗 Pro Tip: Always verify updates are installed promptly, as older devices or manufacturers may delay patch rollouts. 👉 Stay secure with products that prioritize #CyberSecurity and are #SecureByDesign #AndroidSecurity #AndroidUpdates #Vulnerabilities #PatchUpdates #CyberThreats #StaySafe #ZeroDay #MobileSecurity 🚨📱🔒

JTAG: The hidden key to hardware security We've seen firsthand how this powerful debugging interface can make or break device security. At Redfox, we're constantly amazed by JTAG's capabilities: • Direct access to device internals • Bypassing software security measures • Firmware modification and data extraction But here's the kicker: JTAG is a double-edged sword. It's essential for development, yet a potential goldmine for hackers. How are you securing JTAG in your products? Share your strategies below 👇 #HardwareSecurity #JTAG #CyberSecurity #HardwarePentest #IoTSecurity

Hidden within device firmware can be vulnerabilities — weaknesses hackers exploit to gain unauthorized access, steal data or disrupt operations. In this infographic, we explore 4 of the most infamous examples to date. Download it now. https://lnv.gy/4g1rC2z #LenovoDeviceManager #EndpointManagement #ITSolutions #DeviceSecurity #PowerManagement #TechEfficiency #ITAdminTools #LenovoSoftware #RemoteManagement #DigitalWorkplace

FYI - 'CISA and the FBI issued a joint alert on exploitation of OS command injection vulnerabilities in network edge devices. OS command injection vulnerabilities arise when manufacturers fail to properly validate and sanitize user input when constructing commands to execute on the underlying OS. Designing and developing software that trusts user input without proper validation or sanitization can allow threat actors to execute malicious commands, putting customers at risk' - https://lnkd.in/eQY4b4QE #cybersecurity #CISA #NetworkDevices #vulnerabilities #cyberattacks #Edge

Subprocessor refusing pen test: cybersecurity red flag? Context: imagine an app relying on a subprocessor for a given use case. The app owner wants to conduct a pentest for identifying potential vulnerabilities and fixing them. Reaching out to the subprocessor to check whether this is ok, the subprocessor refuses. Question: is it common? If the cost of the pentest is taken care of by the client and not by the subprocessor, did you already see such refusals anyway? Are there legit refusal motives? (service disruption, hidden costs) Curious about your opinion, security fellows. #pentest #redteaming #tprm