In cyber security, risk is the potential for loss, damage or destruction of assets or data. Threat is a negative event, such as the exploit of a vulnerability. And a vulnerability is a weakness that exposes you to threats, and therefore increases the likelihood of a negative event.
Asset discovery involves keeping a check on the active and inactive assets on a network. For many modern corporations, this will now include cloud, virtual, and mobile devices in addition to the traditional on-premise workstations and servers. This can start to make gathering insight into devices more difficult.
Subdomains are the part of a domain that comes before the main domain name and domain extension. They can help you organize your website. For example, client.cyberleion.io
An IP address is a unique address that identifies a device on the internet or a local network. IP stands for “Internet Protocol,” which is the set of rules governing the format of data sent via the internet or local network.
Autonomous System Number (ASN) is a globally unique identifier that defines a group of one or more IP prefixes run by one or more network operators that maintain a single, clearly-defined routing policy. These groups of IP prefixes are known as autonomous systems.
Associated domains provide the underpinning to universal links, a feature that allows an app to present content in place of all or part of its website. Users who don’t download the app get the same information in a web browser instead of the native app.
Code Orgs / Repos
A code repository is an archive of the code itself that is being worked on. Beyond the code itself, you can keep things such as documentation, notes, web pages, and other items in your repository. A code repository is required for any successful software development project.
Cloud Storage Objects
Cloud object storage is a format for storing unstructured data in the cloud. Object storage is considered a good fit for the cloud because it is elastic, flexible and it can more easily scale into multiple petabytes to support unlimited data growth
A mobile application, most commonly referred to as an app, is a type of application software designed to run on a mobile device, such as a smartphone or tablet computer. Mobile applications frequently serve to provide users with similar services to those accessed on PCs.
Hundreds of thousands of tokens and cryptographic keys have been discovered on GitHub. We explain why this is bad and how to avoid a leak.
When using an expired certificate, you risk your encryption and mutual authentication. As a result, both your website and users are susceptible to attacks and viruses. For example, a hacker can take advantage of a website with an expired SSL certificate and create a fake website identical to it.
A leaked account can be used to compromise financial records, health records, customer data, employee data and other sensitive information that could leave you at risk of reputational and financial damage.
Enterprise digital attack surfaces are dynamic, complicated, and hard to keep under control. They’re a tangle of IP-connected devices and third-party dependencies across the web and in the cloud that continuously change, go out of date, and become exposed.
A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it.
Leaked API Keys
If you leak your API key, then you would no longer be in control of the protected resource as your user would be able to instruct the archive provider directly, bypassing your intended business logic.
Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. Cisco reports that malware, once activated, can: Block access to key network components (ransomware).