Cybersecurity Blog
Insights, technical guides and analysis from the Secra team on the latest cybersecurity threats and trends.
AWS IAM Privilege Escalation: Attack Paths
AWS IAM privilege escalation paths: iam:PassRole abuse, policy versioning, sts:AssumeRole chains and how to detect them with CloudTrail.
Bluetooth and BLE Security: Attacks and Defense
Bluetooth and BLE attacks: BlueBorne, KNOB, BIAS and sniffing against IoT, wearable and medical devices. Secure pairing, defense and detection.
Brushing Scam: What It Is and How to Protect Yourself
What the brushing scam is: fake sellers ship unsolicited packages to post fake verified reviews using leaked PII. How to detect and defend.
Business Continuity Plan (BCP/DRP): ISO 22301 Guide
What a business continuity plan (BCP) is, how it differs from a DRP, BIA, setting RTO and RPO, ISO 22301 and its link to ISO 27001.
Business logic vulnerabilities: attacks and testing
What business logic vulnerabilities are, why DAST and SAST scanners miss them, the classic flaw taxonomy with examples and how to test them manually.
Catfishing: what it is, how to detect and prevent it
What catfishing is in a corporate context: fake LinkedIn recruiters, sextortion, deepfakes, OSINT verification and defence aligned with NIS2.
CI/CD Pipeline Security: Threats and Hardening 2026
CI/CD pipeline security: defend builds against poisoned pipeline execution, secrets leakage and insecure runners with OIDC, SLSA and hardening.
Cyber Insurance: What It Covers, Exclusions and Price
What cyber insurance covers in 2026: coverages, exclusions, insurer requirements (MFA, EDR, backups, pentest) and price for businesses and SMEs.
Cyber Insurance Minimum Controls: MFA, EDR, Backups
Cyber insurance requirements in 2026: MFA, EDR, backups, pentest and IR plan. The minimum controls insurers demand before binding.

