From a penetration tester’s perspective, there are a few things that quickly indicate an organization’s maturity (and the likelihood our team will be able to exploit their environment). If any of these exist, the chance we will be able to successfully breach their environment increases: Indicators a Hacker Can Breach Your Systems Aging Infrastructure One[…]
Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters by giving them what they think is an easy win!
Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a result, Management and Leadership must take steps to proactively identify and resolve security vulnerabilities to protect company value. A great place to begin (or continue) maturing your security environment is through penetration test activities. Penetration tests can be a[…]
Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source. Low level[…]
Studies performed by the Ponemon Institute linked 56-59% of security breaches to third parties. At the same time, companies are increasingly leveraging specialty service providers to perform critical business functions. Combined, third-party risk is being elevated to the board level and banks are scrambling to manage their vendor-related risks. The net result for service providers[…]
Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is[…]
One of the biggest threats facing enterprises is outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls. Shutting down unused ports is the traditional mitigation. Still[…]
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tools or assessments, management should establish a security baseline.
When most people think of hacking, they think of what Hollywood portrays. In a dark basement, a hooded, perhaps tattooed outcast rapidly types nonsensical keystrokes at a flashy computer monitor for several seconds before snidely muttering, “I’m in.” By that representation, the hacking process seems pretty straightforward: find a vulnerability, exploit it and ride off[…]
Profiling and automated decision-making are not prohibited under GDPR. However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects. Key Questions: 1| How are automated decision-making and profiling defined under GDPR? 2| How do the general rules of GDPR apply[…]