By: Moti Caro - Citadel Cyber Security CEO | Updated: 11/5/2020

Questions and Dilemmas in An Age Of Intensifying Cyber Attacks

The experience of an organization under ransomware attack is a jolting and high-stress event, and managing that kind of incident is a highly complex task. The potential damages to company operation can be mitigated with preparation and rehearsal.

By: Adi Kimhi - CISO | Updated: 8/19/2020

How to Value a Business with Cybersecurity Leaders

Many companies are beginning to realize the cybersecurity impact of cyber threats as a result of rapid digitization. The modern business model requires leaders who can navigate effectively within the digital transformation, and organizations need to know how to increase their talent to serve the business value.

By: Shahar Mashraki - Cyber Security Analyst | Updated: 8/11/2020

Lightshot Phishing Attack

Lightshot is not a malicious application, however, all screenshots that are taken by it are publicly accessible. In the following article, I will expose a new vector of Phishing attacks that targets individuals that attempt to abuse Lightshot’s known data leaks.

By: Michal Avakov - SOC Team Leader and a Senior Analyst | Updated: 7/7/2020

Social Engineering Attacks in 2020 From a SOC Perspective

“Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today’s knowledge workers prepare the ground for sophisticated social engineering attacks” - Advanced social engineering attacks (Krombholz, HobelM, Huber, Weippl 2014)

By: Mor Davidovich - Application Security Consultant & Penetration Tester | Updated: 6/28/2020

Execute Any "Evil" Powershell Code by Bypassing AMSI

Powershell can be a powerful tool during the post-exploitation phase of our engagements. Probably, one of the best advantages of Powershell is having access to awesome public scripts and tools like Empire, PowerSploit, Nishang and many others, but what if AMSI will not let us use any of these tools?

By: Eitan Shav - Application Security Consultant & Penetration Tester | Updated: 6/21/2020

How to Improve Your WordPress Website Security

What lessons should we learn from the uPress.co.il server breach incident

By: Shenhav Yahav - Cyber Security Analyst | Updated: 5/17/2020

Containers as Cyber Security Black Holes

A Container is not an easy thing to secure. It includes everything from the applications they hold to the infrastructure they rely on. Steps need to be taken in multiple areas and layers to ensure you are not exposing yourself. Here are some guidelines for securing a container environment.

By: Ofir Even - Citadel Information Security Officer | Updated: 4/6/2020

Remote work in the age of corona – best practices for maintaining security

As the COVID-19 virus spreads around the world, governments and organizations are scrambling to respond to the challenges of maintaining business continuity, while employees are required to maintain social distancing and work remotely

By: Keren Ziv - Director of Awareness & Products | Citadel | Updated: 1/26/2020

Citadel Cyber Summary Report 2019 - Trends and 2020 Forecast

We are proud to present the 2019 Summary Report that reviews key events, salient trends and professional outlook for the coming year.

By: Anatoli Razumovich - VP Technologies | Citadel | Updated: 12/11/2019

Problems with open-source implementation

Open-source software components are a part of practically every development team’s standard practice and most organizations’ offering to their customers throughout all industries and verticals.

By: Eldad J. Ben-Giora - GRC Information Security Consultant | Updated: 12/4/2019

Of the GDPR and the CCPA

Various Laws and regulations may apply in various places and jurisdictions. They require adjustments and protection of rights by entities operating internationally or in their local scope. Today, it’s time for privacy.