Security Awareness

Compromised Credential Leads to Major Educational Data Leak PowerSchool

Description

K-12 schools manage vast amounts of sensitive personal information about students and educators. Many school districts utilize a cloud service provider to host this data and provide insights and analytics. PowerSchool stands as the leading provider of cloud-based education software for K-12 education in the United States, serving over 55 million students and 17,000 educational institutions across more than 90 countries. On December 28, 2024, PowerSchool (more…)

What Legislation Protects Against Deepfakes and Synthetic Media?

A Deep Look at Legislation

Deepfake legislation in the U.S. is advancing swiftly to combat the rising risks associated with synthetic media, addressing critical areas such as cybersecurity, privacy, election integrity, and intellectual property. Federal and state lawmakers are enacting and refining laws to curb the misuse of deepfake technology, focusing on issues like fraud, defamation, election manipulation, and non-consensual explicit content. These evolving regulations aim (more…)

What are DeepFakes?

Before getting too invested in your online connection, ensure it’s not a DeepFake. Advances in technology have taken catfishing to new heights. Bad actors can manipulate their visuals and voice online or over the phone to impersonate someone else. They use these false identities to find their way to your heart and data.

DEEPFAKES

The mere mention of this should throw you deep into thought. While the concept has (more…)

Understanding Access Control: Authentication vs. Authorization

This post will explore two essential components of Access Control for web applications and APIs: Authentication and Authorization. HALOCK Security Labs’ Pen Testing Team has discovered a significant number of Authentication- and Authorization-related findings during web application and API penetration testing. While both these concepts are foundational in computing, they are often misunderstood or confused. Although the concepts themselves may seem straightforward, (more…)

Exploiting API Endpoints

Relying on frontend controls for access management can lead to attackers gaining excessive privileges.

HALOCK Security Labs Web Application Penetration Testing can fully identify and evaluate web application vulnerabilities. There are a variety of ways to exploit a web application to retrieve sensitive data. In a recent client engagement, HALOCK Security Team identified a critical vulnerability by exploiting (more…)

More Corporate Giants are Victims to the MOVEit Vulnerability

Description

There is an adage that says, “Old habits die hard.” Exploitable vulnerabilities die equally hard. It was May 28, 2023, when the MOVEit vulnerability was first identified. MOVEit is a Managed File Transfer (MFT) product developed by Progress Software that securely transfers files and data between servers, systems, and applications. The vulnerability known as CVE-2023-34362 allows hackers to bypass authentication on unpatched (more…)

Toymaker Settles Data Breach Class Action Suit for $500,000

Description

Squishable, a New York-based company that makes cute and cuddly companion toys for children, suffered what is referred to as a Magecart attack that affected nearly 16,000 customers back in 2022. These types of attacks are carried out by injecting malicious scripts into e-commerce sites to steal payment information. In Squishable’s case, the malicious code was present on their website from May 26 to (more…)

Abusing Default Credentials

Attackers can exploit default credentials to escalate privileges within systems, endangering sensitive assets.

Internal Network Penetration Testing is typically done by organizations for compliance reasons, either for HIPAA or for PCI DSS Compliance. But regardless of why most companies invest in it, it’s an essential part of ensuring that your security controls are being managed effectively, and (more…)

Eat, Drink, & Be Wary

This Holiday Season ….

It is a time of joy, generosity, and, for many, a whirlwind of gatherings, traveling, and shopping. Unfortunately, it’s also prime time for cybercriminals. With all the season preparations and events, people often get too busy and distracted. Critical security protocols can sometimes be rushed or forgotten, making everyone even more (more…)
