Some thoughts about SIM Hijacking

SIM hijacking, also known as SIM swapping, is an attack in which a criminal contacts the target user's cell phone provider and convinces it (sometimes with the involvement of phone company employees) to switch the target's account to a SIM that the criminal controls.
Since smartphones are often used as a security measure/verification system, this allows the fraudster to take over the target's accounts.


DevSecOps: the value of “Security Champions”

In a previous article [1], I started to talk about DevSecOps and the concept of “shifting left” security.
To move security checks to the early steps of development, it can be a great help to have a security-aware person in every scrum team: the so-called “Security Champion”.


Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances

Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in FortiSIEM, Fortinet’s Security Information and Event Management product, that can be used to cause a denial of service against the FortiSIEM Supervisor.
