Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
01.16.24Internal app assessments, while helpful, won’t reveal all of the vulnerabilities weakening your security. Web applications, or web apps, are a common and useful way for companies to interact with both employees and customers. Without adequate assessment, however, security risks thrive, leaving the door open for bad actors to manipulate the systems and cause serious… Read more »
10.16.23Our recent OT security assessment at a private water utility illustrates how no industry is safe from security threats. Regardless of sector, all industries, from education, to finance, to water treatment, are susceptible to bad actors taking advantage of their internally-overlooked vulnerabilities. While water utilities have historically lagged behind other industries in OT security, the… Read more »
10.05.23Is Your Organization’s Physical Security Top-Notch? Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get… Read more »
09.07.23How Secure Are Your Organization’s Premises? When it comes to entry points into an organization, network security gaps and vulnerabilities aren’t the only concern. Bad actors can choose a more traditional way in – physically walking through the doors. You may have locks, ID badges, cameras, and employee protocols, but the best way to know… Read more »
08.24.23Welcome to a new series of DirectDefense blog posts about hardware and IoT penetration testing! The goal of this 101 series is to shed light on common hardware I/O interfaces, associated protocols, and the multitude of vulnerabilities that can arise when they are left unprotected. While hardware reconnaissance will be briefly discussed, this particular article… Read more »
08.15.23Has your corporation been keeping up-to-date on the latest security practices? An important one to bring into your security repertoire is an enterprise risk assessment. It’s crucial to regularly conduct enterprise assessments to ensure the effectiveness of your corporation’s security measures. An enterprise risk assessment helps your organization continuously update and measure all security protocols,… Read more »
08.08.23Armor Your Endpoints Free for 60 Days If you’ve experienced the impact of a ransomware attack, you understand how severely it can disrupt business operations. That is why we’re partnering with Halcyon to offer a 60-day free trial of their anti-ransomware platform. Halcyon’s next-generation anti-ransomware solution stops attackers at all phases of a breach using… Read more »
07.10.23How DirectDefense Compromised a Banking Institution’s Help Desk and Member Services Using a Phone Social Engineering Attack + 5 Common Vishing Pitfalls to Avoid Cyber criminals will stop at nothing to steal personal and confidential information from their target. In recent years, many high-profile attacks have leveraged targeted phone social engineering attacks, known as vishing.… Read more »
06.13.23How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA… Read more »
05.09.23How to Prevent Credential Stuffing with IPv6 Protocol Security Third-party software security risks are created when third-party vendor products lack security, giving attackers wide open access to your organization’s networks and databases. When a vendor has access to your network, including customer and corporate information, your own company’s security doesn’t cover all the gaps, so… Read more »
