Cybersecurity Tips and Tricks

While cybersecurity is a technical discipline — and we all love technical how-tos and in-depth tool reviews that empower our security toolkits — there are also strategic concepts and security basics we uphold as pillars of the industry.

Whether you’re a security veteran, just starting out in infosec, or simply want to know more about the security concepts and practices that shape the decision-making process in any modern organization, we’re here to help.

In our “Cybersecurity Tips” section you’ll find information about true cybersecurity basics including security automation, threat intelligence, social engineering, ransomware, and indicators of compromise, as well as updates on new attack methods and cybersecurity trends such as quantum computing, DevSecOps, security through obscurity, and more.

Each blog post will lead you through these concepts and their history, and we’ll get down to the nitty gritty on our subjects along with best practices and helpful tips on ensuring protection.

Man-in-the-Middle Attacks: When Three's a Crowd.
SecurityTrails Blog · Jan 26 · by Sara Jelen

Man-in-the-Middle Attacks: When Three’s a Crowd

When you’re browsing the web, you would expect that your communications and the information exchanged are kept private, having not been tampered with in transit. Whether it’s merely login credentials, personally identifiable information or even bank account details, we exchange a lot of information on the Internet every day—and while we expect the utmost security, that certainly isn’t the rule.

Why Not to Set Domains to Private IPs.
SecurityTrails Blog · Jan 21 · by Gianni Perez

Why Not to Set Domains to Private IPs

“An ounce of prevention is worth a pound of cure.” ― Benjamin Franklin The concept of risk is ubiquitous across the cybersecurity landscape. In this day and age, it is difficult to envision any security-conscious organization not having alluded, hopefully more than once, to the serious consequences attached to avoiding the subject, particularly when it comes to protecting its most sensitive digital assets and personal data.

Top 5 Tips for Securing Your Dev & Test Environments, and Why You Should.
SecurityTrails Blog · Jan 07 · by Gianni Perez

Top 5 Tips for Securing Your Dev & Test Environments, and Why You Should

In his seminal work, The Mythical Man-Month, Frederick Brooks Jr. tells us that software development is homologous to a tar pit where many efforts flounder regardless of the appealing nature of the task or the relative tractability of the underlying physical medium. In what he calls one of the “woes of the craft”, the author goes on to explain that the pervasive optimism among programmers regarding the conception of a software project is rarely maintained after we take into account the set of complex interdependencies commensurate with others’ skills and objectives.

5 AWS Misconfigurations That May Be Increasing Your Attack Surface.
SecurityTrails Blog · Dec 10 2020 · by Gianni Perez

5 AWS Misconfigurations That May Be Increasing Your Attack Surface

Not all data breaches are created equal. While many remain the product of technical prowess so often associated with malicious actors, a burgeoning amount can be attributed to security misconfigurations and overly-permissive entitlements plaguing cloud ecosystems around the globe. Close to 70 percent in fact, according to a survey conducted by Ermetic, an identity and data protection firm.

What is Privilege Escalation? Types, Techniques and Prevention.
SecurityTrails Blog · Nov 24 2020 · by Sara Jelen

What is Privilege Escalation? Types, Techniques and Prevention

When attackers attempt to steal data, having insider access to a system is their best bet. And if that insider access is gained through a privileged account that holds the keys to critical systems and data, that would be like hitting the jackpot—but only for the attackers. This is why we consider privilege escalation, the attempt to compromise an account and then expand its privileges, a key component of nearly all advanced cyber attacks.