Category: Cybersecurity

Attack Vector Analysis

Attack Vector Analysis is the process of identifying and understanding the various ways an attacker could gain unauthorised access to a system or data. It involves examining the different paths, weaknesses, or points of entry that could be exploited by cybercriminals. By studying these potential threats, organisations can strengthen defences and reduce the risk of…

Reentrancy Attacks

Reentrancy attacks are a type of security vulnerability found in smart contracts, especially on blockchain platforms like Ethereum. They happen when a contract allows an external contract to call back into the original contract before the first function call is finished. This can let the attacker repeatedly withdraw funds or change the contract's state before…

Homomorphic Encryption

Homomorphic encryption is a method of encrypting data so that calculations can be performed on it without needing to decrypt it first. This means sensitive information can remain secure while still being processed or analysed. The results of the calculations, when decrypted, are the same as if they had been performed on the original data….

Latent Prompt Injection

Latent prompt injection is a security issue affecting artificial intelligence systems that use language models. It occurs when hidden instructions or prompts are placed inside data, such as text or code, which the AI system later processes. These hidden prompts can make the AI system behave in unexpected or potentially harmful ways, without the user…

Shadow IT Discovery

Shadow IT Discovery is the process of finding and identifying software, applications, or devices used within an organisation without official approval or oversight by the IT department. These unauthorised tools can include cloud services, messaging apps, or hardware that employees use to do their jobs more efficiently or conveniently. Discovering shadow IT helps organisations understand…

Cloud Misconfiguration

Cloud misconfiguration occurs when cloud-based systems or services are set up incorrectly, leading to security vulnerabilities or operational issues. This can involve mistakes like leaving sensitive data accessible to the public, using weak security settings, or not properly restricting user permissions. Such errors can expose data, disrupt services, or allow unauthorised access to important resources.

SQL Injection

SQL Injection is a type of security vulnerability that occurs when an attacker is able to insert or manipulate SQL queries in a database via input fields in a website or application. This allows the attacker to access, modify, or delete data in the database, often without proper authorisation. SQL Injection can lead to serious…

Credential Stuffing

Credential stuffing is a type of cyber attack where hackers use stolen usernames and passwords from one website to try and log into other websites. Because many people reuse the same login details across different sites, attackers can often gain access to multiple accounts with a single set of credentials. This method relies on automated…