We are specialized in all areas within the domain of IT Security. See what we're researching, and catch up on interesting security news.
This blog post will guide you through an attack chain exploiting insecure defaults in GKE, and explain how to harden a Kubernetes cluster to reduce the risk of compromise.
A 2023 retrospective by Assured Security Consultants on automotive security engagements, challenges and trends. We discuss security issues observed and the implications of cyber security regulations on the automotive industry. We provide an overview of the state of automotive cyber security and recommendations for improving automotive security based on our findings.
A 2023 retrospective by Assured Security Consultants on web application penetration tests performed, identifying common security issues and vulnerabilities and providing recommendations for mitigation.
A 2023 retrospective by Assured Security Consultants on security assessments conducted, highlighting key IT infrastructure and Active Directory vulnerabilities, the impact of new regulations, and strategies for a more secure future.
An introduction to what an application security assessment is and how it is performed.
Becoming a December tradition, Assured sponsors Advent of Code for the third time!
Common Vulnerability Scoring System CVSS 4.0 has been released with new ways of scoring vulnerabilities. What is the good and the bad?
Zabbix is a popular monitoring tool used by many different organizations. It exposes file read and execute permissions, which makes it an interesting target for penetration testers and researchers.
A rundown on how to get started using the new Tillitis TKey, writing an application for the device and using the TKey for authentication on a Linux system.
Common issues (often related to lacking network access control) found across various IT infrastructures, regardless of the organization or industry.
This is the first blog post in a series on cyber security in the automotive industry and what we at Assured have learnt so far.
Now that the SHA-1 cryptographic hashing function has been retired by NIST, what does that mean and what actions should be taken?
We see an increased ambition for penetration testing of networks and infrastructure and want to share the five most common security issues that we've seen during 2022.
To introduce a security mindset and awareness into the early stages of development we offer training seminars and workshops. Here's an overview of some of them, mainly aimed at developers wanting to learn security concepts.
What makes an incident responder call to pull the plug on a system during a cyber security incident? We take a look at the ongoing disruption of Swedish unemployment benefit services (Sveriges A-kassor) and hypothesize what would motivate pulling the plug on an ongoing attack.
Sponsoring the top coding challenge event of the year to promote secure code and find awesome new colleagues.
Takeaways from Security Fest 2022, Gothenburg's big two-day security conference!
Showcase from our participation at the Vehicle Electronics & Connected Services exhibition.
We found a way to bypass your lock screen (or whatever, you're root), by accident! Here's how we found it.
What are the implications of quantum computing on the most common cryptographic algorithms and ciphers? We take a look at symmetric cryptographic algorithms like AES and asymmetric algorithms like RSA and Elliptic Curve.
A short summary of what was talked about during the Log4Shell meetup hosted by OWASP Gothenburg with some discussion on the background of the vulnerability, mitigation strategies and predictions.
Our good friends at Mullvad asked us to publish the report for a pentest we conducted on their DNS over HTTPS servers.
Assured has been involved in the development of the NTS standard and the first high capacity hardware implementation of NTS. Netnod has published a whitepaper explaining NTS.
SoloKeys claims to be the first open-source FIDO2 security key. Let's open up a device to find out more about the licenses used, the hardware and the software design.
What is a lightweight block cipher? We take a look at the PRINCE algorithm - its uses, security traits and a hardware implementation.
A walkthrough of a couple of Google Cloud Platform (GCP) features with security recommendations and advice on how to configure your GCP environments.
We are offering a course on automotive security, called CAN Hack! The course is aimed at anyone interested in the security of connected vehicles. It combines theoretical lectures with hands-on challenges against a physical, simulated car.
A recommendation for a book that covers some useful security-related topics and many of the most commonly used scams. It is certainly worth taking a look at, and sharing with your friends and family.
This article provides a brief TLS 1.3 overview. With TLS 1.3 and HTTP/2, the internet engineers are demonstrating a big commitment to reducing the impact of network latency on system performance and user experience!
As more and more businesses move their infrastructure from physical on-premises devices to cloud services, they are hitting obstacles when it comes to monitoring their cloud infrastructure. If there's a tight budget for security monitoring, we provide a cheap way to do this without changing the infrastructure.
EFAIL is the name of a series of vulnerabilities in OpenPGP and S/MIME. Here we discuss the issues a bit.
Assured's training program for new hires is designed to create confident Assured consultants and security experts.
(Swedish) Yet another nail in the coffin for the now outdated stream cipher RC4, with a new way to find colliding keys.
Looking closer at TLSFuzzer, an exceptionally easy to understand fuzzing framework.
© 2023 Assured AB