CYBR332 Blog

The article I read this week was talking about Ethical hacking, which is also called by its second name white hat hacking. Ethical hacking is all about thinking like a criminal hacker, meaning you are allowed to go on the offensive, but with permission, with the goal of helping organizations. They go into the infrastructure of the organization and they find and fix security holes before the bad guys can abuse them. These professionals probe systems, networks, and even applications, and they use hacking techniques that criminal hackers use to find vulnerabilities. After which they discover these vulnerabilities, they report them back to the organization along with defenses the organization can take to improve its defense. Unlike black or grey hats, ethical hackers operate and hack a system with good intentions and that is with full consent as well. They test the system and see what places need to be improved, they don't trash it. Source: EC-Council. “What Is Ethical Hacking.” Cybers...

 Zero-day vulnerabilities are security flaws that are discovered by hackers before developers even know they exist. This leads us to how it got its name, zero-day attack, where they have literally zero time to fix them before an attack happens, since they do not know about the bug. These vulnerabilities are extremely valuable to hackers because they can be exploited silently for long periods of time, whether that is weeks, months, even years, it takes a long time for people to notice these types of attacks. Even fully updated systems can fall for these types of attacks if the flaw hasn't been discovered. I found this topic interesting because it goes to show that not every system is truly secure. This highlights the fact that investing in cybersecurity is a must in our industry today. Source: Ibm. “What Is a Zero-Day Exploit?” IBM , 19 May 2025, www.ibm.com/think/topics/zero-day.

To define what Biometrics is, it is essentially fingerprint scans, face ID, and iris recognition; it is a method of logging in faster and in a safer manner. According to the article I read this week, an article by the U.S. Department of Homeland Security, although biometric security is convenient, it is not without flaws. The reason is that if your biometric data were to be compromised, you cannot exactly change it like a password. There is a lot of research going on to help ensure that these systems are more accurate and resistant to spoofing. That is because in the past, people have been able to fool these scanners with things such as fake fingerprints or even 3D printed faces. This topic was very interesting to me because, on the outside, it feels secure but it comes with risks we have not thought about properly.  Source: “Biometrics: Homeland Security.” U.S. Department of Homeland Security , www.dhs.gov/biometrics. Accessed 16 July 2025.

We use mobile devices in almost every aspect in our lives; they are a pocket-sized computer. It is because of that constant use that IBM, the article I read this week, points out that they have become prime targets for cyberattacks. We use these devices to communicate with others, send emails, banking, so it is not surprise that having proper security is a concern. What makes these devices vulnerable is the fact that people tend to use public, not update their software, making it outdated, and a mix of personal and work apps. Missing updates, having weak passwords, or downloading apps that contain malicious code give attackers a direct path to sensitive data if they do target you. What I find interesting and a bit concerning is the fact that these devices tend to lack the strong security we expect from laptops and desktops. Therefore, and I cannot stress this enough, it is essential to regularly update, have good locks, and ensure that the necessary security policies are followed corre...

This week, I read an article that talks about a type of cyberattack called Credential stuffing as described by OWASP. Credential stuffing is a type of cyber attack where hackers use stolen usernames and passwords from one data breach and they try logging into other accounts using those same credentials. This is quite an effective strategy because if we are being honest with ourselves, a lot of people reuse passwords, including myself. According to OWASP, attackers are able to automate this process as well, they achieve this by using bots to test thousands of login attempts on popular sites. If even a small percentage of those reused credentials work again on other accounts, attackers are able to gain access to sensitive accounts, whether that is emails, banking information, addresses, the list goes on. It is scary how dangerous reusing passwords can be, and what shocked me the most is how common and successful this type of attack is. We see how dangerous it is, but we must also underst...

 We see, as we browse online, how everything companies and individuals do involves the cloud. That is from saving photos to running entire businesses on the cloud. The question is, how safe is the cloud really? We see many people using it, are they right to trust their apps and businesses to cloud security? To answer this question, I read an article by CrowdStrike, which talks about how cloud security is all about protecting data, apps, and servers that live on the internet instead of on your local computer. Cloud providers have strong protections that were made for users, but security will always be a shared job between the provider and the user. Leaving storage open to the public and weak access controls are something that comes from the user, and the provider cannot do much if that's how attackers access the Cloud. However, tools like encryption, multi-factor authentication, and constant monitoring all work together in order to ensure that cloud environments are secure. It goes ...