Security Blog.

The blog provides updates on innovations, events, standards and news from the world of information security. The articles are written by leading experts in the field.

By: Ofir Even - Citadel Information Security Officer   |   Updated: 2/7/2023

Defense In Depth – The Onion Way

One effective way of securing your systems against potential vulnerabilities and attacks is a defense-in-depth approach: multiple, independent layers of security controls, so that a single failed control does not expose the whole system.

Read More
By: Moran Geva - Pen Tester, Cyber Security Consultant   |   Updated: 9/19/2022

The New World - Cloud Computing

Until recent years, clouds to us were the ones we see in the sky. They bring rain and occasionally block out the sun. In the modern technological age, however, the word "cloud" has gained a companion: "computing".

Read More
By: Shlomo Elbaz - Information Security Consultant   |   Updated: 7/7/2022

The Importance of Protecting Privileged Accounts

This article focuses on common cyber-attacks that target Active Directory (AD). Active Directory is deployed across many organizations worldwide to deliver directory services, so that users and computers can be authenticated and authorized to access network resources or log on to Windows systems.

Read More
By: Itamar Hoshmand - Chief Security Architect & Software Expert   |   Updated: 10/25/2021

AWS WAF's Dangerous Defaults

With AWS WAF's default settings, the maximum accepted size of a POST request body is greater than the portion of the body the WAF actually inspects. A malicious payload placed beyond the inspected portion is therefore never matched against any rule and passes through the WAF.
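The following is an added illustration, not code from the original article and not the AWS WAF API: it models a WAF that only inspects the first 8192 bytes of a request body (an assumed inspection window for this example), shows that a payload padded past that window is not matched, and shows the mitigation of rejecting any body larger than the window (in AWS WAF terms, a size constraint rule on the body, or oversize handling set to match and block). The request bodies and the simplified SQL injection pattern are constructed for the example.

```python
"""Simulate a WAF whose accepted body size exceeds its inspected body size.

Constructed example: the inspection window, the rule and the request bodies
are modelled here and are not taken from AWS WAF. 8192 bytes is the assumed
default inspection window.
"""
import re

INSPECTED_BODY_BYTES = 8192  # assumed inspection window, not a verified AWS value

# Deliberately simple injection signature standing in for a managed rule set.
SQLI_PATTERN = re.compile(rb"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+1=1)")


def inspect_body(body: bytes, block_oversize: bool = False) -> str:
    """Return 'BLOCK' or 'ALLOW' for a request body.

    Only the first INSPECTED_BODY_BYTES are matched against SQLI_PATTERN,
    mirroring a WAF that accepts a larger body than it inspects.
    With block_oversize=True, any body longer than the window is rejected
    outright, which is what a body size constraint rule would do.
    """
    if block_oversize and len(body) > INSPECTED_BODY_BYTES:
        return "BLOCK"
    window = body[:INSPECTED_BODY_BYTES]
    return "BLOCK" if SQLI_PATTERN.search(window) else "ALLOW"


def build_padded_body(payload: bytes, padding_len: int) -> bytes:
    """Form-encoded body with a harmless field of padding_len bytes before the payload."""
    filler = b"comment=" + b"A" * padding_len
    return filler + b"&q=" + payload


PAYLOAD = b"' OR 1=1 --"  # constructed test payload


def demo() -> dict:
    """Verdicts for a short body, a padded body, and the padded body under the hardened rule."""
    small = build_padded_body(PAYLOAD, 100)
    # Filler alone already fills the window, so the payload starts after it.
    large = build_padded_body(PAYLOAD, INSPECTED_BODY_BYTES)
    return {
        "small_default": inspect_body(small),
        "padded_default": inspect_body(large),
        "padded_hardened": inspect_body(large, block_oversize=True),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The same test can be run against a real deployment by sending a request whose body is padded past the inspection limit with the payload at the end: if the padded request is allowed while the short one is blocked, the WAF is inspecting only a prefix of the body and needs a size constraint (or oversize handling) rule in front of its content rules.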

Read More
By: Itamar Hoshmand - Chief Security Architect & Software Expert   |   Updated: 8/12/2021

Password Filters

Weak passwords are one of the leading vulnerabilities that expose organizations to cyber incidents, and password complexity must be strictly enforced. This article, by our Chief Security Architect Itamar Hoshmand, outlines the problem, explains what password filtering is, and weighs its pros and cons.

Read More
By: Mor Davidovich - Application Security Consultant & Penetration Tester   |   Updated: 4/26/2021

DLL Proxying in the Tele-Conferencing Age

As a red teamer, how can I abuse the trust between the target’s infrastructure and the tele-conferencing solution implemented on the target? DLL Proxying!

Read More
By: Keren Ziv - Director of Awareness & Products | Citadel   |   Updated: 2/8/2021

Cyber Decade Summary Report 2010-2019

The last decade has been one of the most significant in cyber history. In our annual magazine we have collected its most important events, the ones that shaped awareness and influenced the way we build our concept of defense. Enjoy reading!

Read More
By: Oriel Goel - Cyber Security Analyst   |   Updated: 1/28/2021

How I Found a New Vulnerability in a Popular Home Automation App

A technical walkthrough of finding a new directory traversal vulnerability and obtaining a CVE for it.

Read More
By: Moti Caro - Citadel Cyber Security CEO   |   Updated: 11/5/2020

Questions and Dilemmas in An Age Of Intensifying Cyber Attacks

The experience of an organization under ransomware attack is a jolting and high-stress event, and managing that kind of incident is a highly complex task. The potential damages to company operation can be mitigated with preparation and rehearsal.

Read More
By: Adi Kimhi - CISO   |   Updated: 8/19/2020

How to Value a Business with Cybersecurity Leaders

Many companies are beginning to realize the business impact of cyber threats as a result of rapid digitization. The modern business model requires leaders who can navigate the digital transformation effectively, and organizations need to know how to develop that talent in the service of business value.

Read More
By: Shahar Mashraki - Cyber Security Analyst   |   Updated: 8/11/2020

Lightshot Phishing Attack

Lightshot is not a malicious application; however, every screenshot taken with it is publicly accessible. In the following article, I describe a new phishing vector that targets individuals who try to exploit Lightshot's well-known data leaks.

Read More
By: Michal Avakov - SOC Team Leader and a Senior Analyst   |   Updated: 7/7/2020

Social Engineering Attacks in 2020 From a SOC Perspective

"Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today's knowledge workers prepare the ground for sophisticated social engineering attacks" - Advanced social engineering attacks (Krombholz, Hobel, Huber, Weippl 2014)

Read More
By: Mor Davidovich - Application Security Consultant & Penetration Tester   |   Updated: 6/28/2020

Execute Any "Evil" PowerShell Code by Bypassing AMSI

PowerShell can be a powerful tool during the post-exploitation phase of our engagements. Probably one of its greatest advantages is access to excellent public scripts and tools such as Empire, PowerSploit, Nishang and many others. But what if AMSI does not let us use any of these tools?

Read More
By: Eitan Shav - Application Security Consultant & Penetration Tester   |   Updated: 6/7/2022

How to Improve Your WordPress Website Security

What lessons should we learn from the server breach incident?

Read More
By: Shenhav Yahav - Cyber Security Analyst   |   Updated: 5/17/2020

Containers as Cyber Security Black Holes

A container is not an easy thing to secure: the attack surface spans everything from the applications it holds to the infrastructure it relies on. Steps need to be taken in multiple areas and layers to ensure you are not exposing yourself. Here are some guidelines for securing a container environment.

Read More
By: Ofir Even - Citadel Information Security Officer   |   Updated: 4/6/2020

Remote work in the age of corona – best practices for maintaining security

As the COVID-19 virus spreads around the world, governments and organizations are scrambling to respond to the challenge of maintaining business continuity while employees are required to keep social distance and work remotely.

Read More
By: Keren Ziv - Director of Awareness & Products | Citadel   |   Updated: 2/4/2021

Citadel Cyber Summary Report 2019 - Trends and 2020 Forecast

We are proud to present the 2019 Summary Report that reviews key events, salient trends and professional outlook for the coming year.

Read More
By: Anatoli Razumovich - VP Technologies | Citadel   |   Updated: 12/11/2019

Problems with open-source implementation

Open-source software components are part of practically every development team's standard practice, and of most organizations' offerings to their customers, across all industries and verticals.

Read More
By: Eldad J. Ben-Giora - GRC Information Security Consultant   |   Updated: 12/4/2019

Of the GDPR and the CCPA

Different laws and regulations apply in different places and jurisdictions. They require entities operating internationally, or within their local scope, to adjust their practices and protect the rights of individuals. Today, it's time for privacy.

Read More