Search here...

Blog

Balwurk > Blog
Inês Gil | InfoSec & GRC Expert

This article emphasizes the critical role of Governance, Risk, and Compliance (GRC) practices in preventing data loss exfiltration, particularly in the face of evolving cyber threats like ransomware. It begins by highlighting the increasing sophistication of cybercriminals and the prevalence of data exfiltration, especially through ransomware attacks. The importance of GRC in addressing these threats is underscored, with a focus on aligning cybersecurity strategies with industry best practices and regulatory requirements.

Balwurk

The summary underscores the principles and key components of the Zero Trust approach in cybersecurity. Beginning with the axiom "Never trust, Always verify," it explores benefits such as a proactive stance and enhanced visibility and control. It details the implementation of Identity and Access Management, Micro-segmentation, Security Analytics, and Secure Application Development Practices.

Balwurk

During an authorised penetration testing assessment conducted on Xpand IT’s Write-Back software, Balwurk’s security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program.

Bruno Pincho | Penetration Tester

Everyone in InfoSec knows Metasploit and the importance this tool has had on many professionals and in the field itself, either be it for awareness purposes, education, CTFs or actual live penetration tests, odds are the reader has encountered and used Metasploit before.

Balwurk

During an authorised penetration testing assessment of Xpand IT Write-Back software, Balwurk's security team found a vulnerability that allows an attacker to craft its own Write-Back commercial licenses, unlocking the software's full features without paying for it.

Balwurk

During an authorised penetration testing assessment conducted on Xpand IT's Write-Back software, Balwurk's security team found multiple security vulnerabilities, first disclosed to the customer and then responsibly submitted to the MITRE CVE program.