Author: Kelly Kish

Tales From the Road: If Your SCADA Network Isn’t Segmented, It’s Not Secure

Newsflash: Most networks utilized for Supervisory Control and Data Acquisition (SCADA) were not designed to be secure. Yes, you read that correctly. Kind of a scary thought, especially when your municipal water utility is reliant on this network to ensure the availability and safety of the drinking water supply! This is why the management company…

Tales From The Road: PCI Compliance 101: Don’t Keep your Network in the Housekeeping Storage Room

How a recent DirectDefense physical penetration test for a national hotel chain demonstrated how thousands of credit card numbers could be stolen in 4 simple steps. PCI compliance is required for any company that accepts credit or debit cards, or EBTs, and security requirements are based on the number of transactions a business performs each…

Tales From The Road: Gone’ Phishin’!

How DirectDefense leveraged the pandemic to exploit remote access security for a large corporate network through an email phishing campaign. While most of the world was busy adapting to the Work from Anywhere #WFA movement that the pandemic suddenly brought on, a certain segment of the population saw a unique opportunity to get into an…

Your Detailed Out-of-Office Autoresponder Could be Putting Your Organization’s Email Security at Risk

Tips for Writing Safe but Still Helpful OOO Email Messages. The spirit of the out-of-office autoresponder has never been about email security. Instead, it has traditionally been about providing helpful contact information in the event that a coworker or a customer in need of assistance emails you while you’re away. Simple. But it’s 2021, and…

Tales from the Road: Taking Control of Access Controls to Protect Sensitive Data from Unauthorized Users

How a recent DirectDefense application security assessment revealed a common vulnerability. A large financial corporation recently called on us to perform a comprehensive security assessment of their client-facing application. Among other findings, the engagement revealed just how easy it would be for someone with ill intent to exploit the application via access controls that were not…

Tales from the Road: Think Your Web Application is Attacker-Proof? Think again.

How We Put One Client’s Web App Security to the Ultimate Test. Did you know that web applications have become the #1 target for the exploitation of vulnerabilities? Check out these alarming stats: Researchers found around 70 types of weaknesses in web applications. (Source: PT Security) 46% of web applications have critical vulnerabilities. (Acunetix’s report…