Pentera

Discover. Mitigate. Validate. Repeat. By 2026, organizations prioritizing CTEM will be three times less likely to suffer a breach because they: 🌐 Adopt an attacker’s mindset for security posture analysis 🔍 Prioritize and quickly address the most critical vulnerabilities based on exploitability and potential impact 🛡️ Regularly validate security controls to ensure they effectively block exploits Get your blueprint for implementing a CTEM operation here: https://okt.to/wQv3yi The Hacker News #CyberSecurity #CTEM

🦄 At the Future of AI 2024 Summit, Unicorn Founders spoke about the great power of AI which, as we all know, comes with great responsibility. Amitai Ratzon stepped into the spotlight to share how Pentera uses AI to enhance and scale emulated malware attacks in its platform. He also addressed how AI technologies are changing the domain, accelerating the arms race between defenders and attackers. It was an enlightening discussion, joined by industry leaders Dan Amiga, Co-Founder & CTO Island, Shachar Fienblit, Co-Founder & Chief R&D Officer VAST Data, and Ronni Zehavi, Co-Founder & CEO HiBob, and led by Noa Gastfreund. Lynx Events #Cybersecurity #AI

The regreSSHion vulnerability in OpenSSH (CVE-2024-6378) highlights the dangers of lapses in software regression testing. With 700K vulnerable OpenSSH servers, this flaw can lead to RCE attacks, full system compromise, and data manipulation. Learn more: https://okt.to/Wbn4wv

Lessons from the School of Hard Knocks: Surviving a Lockbit Ransomware Attack The University of Health Sciences and Pharmacy in St. Louis faced the moment we all dread. Their AVP IT & CISO, Zachary Lewis, walks you through the timeline of events, from the alert to the aftermath, and offers invaluable tips to boost your readiness to survive ransomware. Get the full story: https://okt.to/82I4q6 #LockBit #Ransomware

A big shout out to our community of cyber defenders! 🫶 You put us as a Leader on the G2 grids for 🛡️ Penetration Testing 🛡️ Risk-Based Vulnerability Management 🛡️ Attack Surface Management 🛡️ Breach and Attack Simulation Thank you for making us G2 leaders!

The Flipper Zero is a cool gadget, like a Swiss Army knife for cyber geeks. It messes with technologies related to data transmission like RFID and NFC. It’s great for security buffs to find and fix vulnerabilities or check whether your security can handle a hack. But what happens if you 'flip' it around? It can be misused to let people sneak into areas they shouldn’t. For example, it can be connected by USB to keyboards and type commands automatically, or record and replay RFID transmissions, potentially unlocking cars without the original remote. Question is – should these devices be licensed? Let us know what you think. 👇 #Cybertoon

We are deepening our investment in Japan! 🇯🇵 Our website has been translated to Japanese to ensure our automated security validation solutions are accessible to all our customers and partners in Japan. Visit https://okt.to/7hzeUq to learn more about how we can help you reduce your cyber exposure. #Cybersecurity #PenteraJapan #AutomatedSecurityValidation

🐧 Pentera has expanded RansomwareReady™ to proactively test the security of your Linux environments. With RansomwareReady™ you can: 🔒 Emulate destructive ransomware strains like Maze, REvil, Conti, LockBit 2.0, and Lockbit 3.0 🔒 Identify lateral pathways adversaries can use to target critical assets and exfiltrate data across Windows and Linux environments 🔒 Use the exact IOCs of the original campaigns to trigger authentic responses from your security controls 🔒 Get a step-by-step remediation guide to harden security and be ransomware ready https://okt.to/0MryZX #Lockbit #Ransomware

🔎 Pentera Research Team analysis on the recently discovered regreSSHion vulnerability in OpenSSH (CVE-2024-6378). Adversary perspective: Though shown to require significant time and skill, successful exploitation of regreSSHion can cause severe impact: full system compromise, data manipulation, and more. Internet-connected OpenSSH servers are a more likely target for this vulnerability, because it is easier to exploit from outside the organization's network. What can you do? 1️⃣ Detect and map OpenSSH instances in your environment, especially those accessible externally 2️⃣ Eliminate unnecessary external access to OpenSSH servers - a general security best practice 3️⃣ Identify and patch or mitigate instances of OpenSSH vulnerable to regreSSHion Get the full details: https://okt.to/txZAqg

Insider threats are responsible for 70% of breaches hitting the healthcare sector. Miscellaneous errors, privilege misuse, and system intrusion make up 83% of all breaches. All of them point to human error, likely staff within healthcare environments who are: ❌ Sending information to the wrong person ❌ Misplacing data ❌ Unwittingly sharing sensitive data What can be done? ✅ Implement strict access controls to limit insider threats ✅ Regularly train staff on security best practices to reduce errors ✅ Continuously validate your security defenses for potential vulnerabilities Having a resilient cyber defense doesn't require an X-ray of your IT infrastructure, but it does require vigilance towards protecting critical healthcare data.