incident response Archives

CrowdStrike Security Incident 2024: A C-Suite Perspective on Implications, Risks, and Recovery

13 April 2025 by Krishna

In July 2024, a significant security incident involving CrowdStrike, a global leader in cybersecurity, caught the attention of businesses worldwide. Known for its advanced endpoint protection, CrowdStrike’s Falcon software is deployed across numerous organisations, many of which belong to the Fortune 500. However, a seemingly routine software update led to widespread disruptions, with millions of devices crashing, particularly those running Windows 10 and 11. This post aims to explore the CrowdStrike security incident in-depth, examining its impact, root causes, and the lessons that C-suite executives must take away to enhance their cybersecurity risk management strategies.

Exploiting Google Calendar: How Cybercriminals Use Calendar Invites to Spread Malicious Links and What You Can Do to Defend Against It

4 March 20254 March 2025 by Krishna

In the context of cybersecurity, the growing trend of exploiting digital calendar platforms is part of a broader shift towards social engineering and phishing attacks. Traditionally, phishing emails were the go-to vector for spreading malware, but attackers have adapted to newer, more subtle methods of infiltration. By exploiting tools like Google Calendar, which are integral to the workflow of millions of users, attackers are finding ways to bypass conventional email filters and reach their targets with greater ease.

API-Security-Misconfigurations-KrishnaG-CEO

The OWASP Top 10 API Security Risks – 2023: API8:2023 – Security Misconfiguration

19 February 2025 by Krishna

At its core, **security misconfiguration** occurs when the security settings of an API or its supporting systems are improperly configured or left at their default settings. APIs often rely on a wide range of underlying infrastructure, including web servers, databases, cloud services, and identity management systems. Each of these elements needs to be configured in line with security best practices to ensure the overall security posture of the API.

Misconfigurations can arise at any stage in the API lifecycle, from development to deployment, and they are not limited to a single type of vulnerability. They may involve poorly configured authentication mechanisms, incorrect access control settings, or vulnerabilities in third-party services integrated into the API ecosystem.

Security Logging and Monitoring Failures: A Comprehensive Guide for Software Developers, Architects, and Security Analysts

18 January 2025 by Krishna

Security logging involves the systematic recording of events within a system, application, or network. Monitoring, on the other hand, refers to actively reviewing and analysing these logs to detect anomalies or malicious activities.

WordPress db Injection: A Comprehensive Guide for Pen Testers and C-Suite

14 January 2025 by Krishna

WordPress, which began as a simple blogging platform in 2003, has evolved into one of the most widely used content management systems (CMS) globally. Currently powering over 40% of websites, WordPress has become synonymous with digital publishing—ranging from small personal blogs to large-scale enterprise solutions. For many C-level executives, WordPress represents an agile, cost-effective solution to rapidly establish and manage an online presence.
However, with extensive adoption comes amplified risk. The same features that make WordPress easy to use—such as its vibrant plugin ecosystem and open-source nature—can also create ripe opportunities for attackers to exploit vulnerabilities. WordPress database injection, often referred to more broadly as SQL injection (SQLi), stands out as a critical concern. Attackers who successfully execute a database injection can gain unauthorised access to sensitive data, manipulate website content, or even pivot to other parts of the organisation’s network.
WordPress relies on a MySQL (or MariaDB) database to store content, user data, plugin settings, and other critical information. An SQL injection attack leverages insecure code or configurations to inject malicious SQL queries into the database, allowing attackers to read, modify, or even delete data, and in some extreme cases, compromise the server itself.