Skip to content
BLOG
Latest news of Chimere.

You can follow Chimere on LinkedIn .

Blog

You will find in this blog all the Chimere latest news, the events and important announcements!

Effectively manage your exposure surface (Part 1)

When you are a CISO or CIO taking on a new position, one of the challenges is to efficiently understand the areas where protection measures and security actions need to be implemented. Esteemed readers of this blog, you know how exposing applications on the internet is one of the most common causes of information system compromise. If this is your first Chimere article, take a look at our previous thoughts on the subject: 10 cyberattacks that exploited the principle of exposure, 3 types of attacks feared by companies, and 3 strategies to protect your information system from internet scans (and resulting attacks)

In this article, we provide a method to identify and manage this exposure, ultimately reducing the risk of compromise resulting from the exposure of your assets on the internet.

Chimere, European Cyber Week 2023 partner

The European Cyber Week is the reference event in the fields of strategic studies and research in cyber defense and cybersecurity. Gathering an ecosystem of French and European excellence, rich through its diversity and the high level of its speakers, it's the place where all the actors of the sovereign cyber sector meet.

Network and cybersecurity: What is a 'Hidden Service'? Part 2

Application anonymity, network authentication, and exposure elimination are three characteristics intimately linked to the principle of hidden services. In the previous article: What is a 'Hidden Service'? Part 1, we highlighted these three aspects of the mechanism, but they are not alone in bringing interesting properties in terms of network security. In this new article, we found it interesting to highlight four other characteristics, much less known than the first ones, yet providing a real defensive added value.

Network and cybersecurity: What is a 'Hidden Service'? Part 1

The term "hidden service" is intimately related to certain technologies like the darknet and the Tor Project. This mechanism is used to provide various security and anonymity features to network users. In the collective consciousness, it is widely accepted that the darknet and hidden services are primarily used by cybercriminals to offer applications accessible through the Internet without revealing the identities of the parties involved. However, in reality, hidden services are often used for much nobler purposes, where the technical advantages they offer are highly appreciated.

Whistleblowers, secure data exchanges, journalistic content publication, and today's widespread and secure remote access with the advent of Zero-Trust Network Access are all ways in which hidden services are used for protection. But what are hidden services, and what do they really offer? Answers in this article.

3 types of attacks feared by companies

When exchanging with CISOs and CIOs about the actions to be taken to ensure optimal security of their information systems, user awareness and the implementation of good security hygiene practices are frequently discussed. It is undeniable that the human factor often plays a decisive role in the compromise of information systems. While raising awareness among employees and partners is essential, it is common to observe decision-makers adopting a fatalistic view of the situation and considering that security through the use of technical solutions is a failure.

Are they right? In an attempt to provide some insights in this article, we address three well-known techniques that attackers employ to hack enterprise computer systems, and against which security services must fight.

How to use the Tor darknet to protect your information system?

In the article about the issue of service exposure and 10 cyber-attacks that have exploited the principle of exposure, we highlighted the risks associated with exposing services on the internet.

But what if we could conceal these services, preventing them from being discovered by just anyone?

One way to achieve this is by using the Chimera network and its hidden services mechanism it offers. However, if you have only a few services and users to manage, performance is not a concern, and you enjoy getting your hands dirty, why not directly use the Tor network? This method is particularly interesting for individuals or small enterprise information systems.

Let's see how to protect an SSH service and avoid becoming a target for attacks. Let's dive in!

3 strategies to protect your information system from internet scans (and resulting attacks)

In the previous two articles, we presented the issue of service exposure on the internet (Information System security: understanding the issue of exposure and 10 cyberattacks that exploited the principle of exposure), as well as 10 cyber attacks that exploited the principle of exposure. Today, we want to revisit three common strategies that companies use to address this problem. As remote access needs and teleworking have particularly increased in recent years, what are the common strategies that companies choose to prevent their exposed services from becoming a gateway for hackers?