Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
03.25.25Getting a wastewater utility’s OT and IT departments on the same page to address vulnerabilities they didn’t know they had. Wastewater utilities are among some of the most targeted industries for cyber attacks, and the implications can be devastating as operational interruptions or shut-downs could directly affect public health. The Environmental Protection Agency (EPA) does… Read more »
10.15.24Digging Deeper to Uncover a Fenix Botnet Targeting HR & Payroll Tax Employees in Mexico When a client’s EDR platform alerted that it had blocked a file being accessed through a non-domain address, that could have been “case closed” – the file was blocked and the activity was halted. Or so it seemed. Our… Read more »
07.10.24Organizations with security maturity can greatly benefit from annual red team assessments to keep up with the ever-evolving cyber threat landscape. Major organizations that hold detailed and private information are prime targets for malicious attackers, regardless of industry. Bad actors will find ways to break through physical and cyber barriers to obtain and sell personal… Read more »
05.07.24Industrial control systems have a big job to do for a single facility’s OT environment – but if you’re operating multiple facilities spread across the U.S. or the world, those systems have a far larger workload, and the security risks inherent in their function get larger too. What no critical infrastructure or industrial corporation wants… Read more »
04.22.24Free threat recon service reveals what you might be missing. Let’s face it, every company has blind spots when it comes to security. Even with a trusted vendor, new threats emerge all the time. Wouldn’t it be reassuring to know exactly what lurks in the shadows of your network? Our latest blog post delves into… Read more »
04.17.24Join DirectDefense at RSA Conference 2024 in San Fransisco DirectDefense will be present at RSA Conference this year, engaging with customers to enhance their OT environments. Here are the opportunities to connect with us. Schedule a Meeting with Our Experts at The Claroty Beats Hub at B Restaurant We invite you to join us at The… Read more »
04.16.24An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »
03.28.24During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »
03.20.24Never underestimate the abilities of people with too much time on their hands and a pension for malicious activity. Hardware and software security assessments are a key component of maintaining the safety, security, and compliance of any device type, almost regardless of the environment in which they are used. But when the environment is a… Read more »
01.22.24What We Did, and What You Should Know Before Installing a Custom OS A DirectDefense security researcher, Nolen Johnson, joined two other researchers to exploit three Chromecast vulnerabilities present in the Chromecast with Google TV (CCwGTV) 1080P. The team developed a chain of three exploits that ultimately allowed an individual to run a custom OS/unsigned… Read more »
