Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
03.26.20
During this time of heightened cybersecurity threats, we are offering free cybersecurity services (one per customer): Phishing Preparedness Analysis and Remote Access Policy Assessments. Phishing Preparedness Analysis: As organizations shift to this new work from home paradigm, attackers are taking advantage and expanding their already effective phishing campaigns. For a limited time, we will perform… Read more »
03.19.20
Free Cybersecurity to Combat Threats Posed by COVID-19 Don’t miss an event that could be putting your organization’s security at risk. During this time of heightened cybersecurity threats, we are offering a FREE 30-day trial of ThreatAdvisor. Built on the knowledge of security consultants and penetration testers with more than 50 years of experience in… Read more »
03.19.20
Notice to Our Customers While organizations around the world are reorganizing their workforces to handle the current health issue, I’d like to take this moment to reassure you that we at DirectDefense are well prepared to facilitate the services you count on us to provide for you. Unlike most industries that maintain a collective work… Read more »
03.19.20
The Cybersecurity Risks of the “Work from Home” Shift The COVID-19 virus has companies across the world scrambling to make it possible for their employees to work from home. As a result, a lot of decisions are being made rapidly, all with the goal of continuing operations as seamlessly as possible. At DirectDefense, we completely… Read more »
12.10.19
Significant Volume of Brute Force Attempts Against Ingress Authentication Sources In the past 72 hours there has been a significant volume of brute force attempts against various ingress authentication sources (like o365 or VPN solutions). We have seen this across all of our customers and that this activity is both typical for this time of… Read more »
12.04.19
Revisiting the Security Threats That Marked 2019 and How They Were Managed Wow, what a year it has been! Security attacks in 2019 were marked by a resurgence of Ransomware attacks, business email compromise (BEC) attacks, and the discovery of painful blind spots in existing security programs for our new, and in some cases older,… Read more »
03.21.19
During application testing, most SQL injection attacks are mundane. Often, when there is one SQL injection, there are many–and they are easily exploitable with tools like sqlmap. Occasionally, an application is largely protected against SQL injection, but something interesting happens on a test. A tester manually validates a SQL injection vulnerability based on server responses,… Read more »
12.13.18
Assessing the Successes (and Failures) of Organizations’ Implementations of Security Orchestration and Automation Response Solutions As 2018 comes to a close, we must look at the information security and managed services trends already established this year, and those on deck for 2019. To get things going ahead of the new year, we thought we would… Read more »
09.25.18
Identify the Common Ways S3 Buckets Can be Misconfigured According to 2017 report, 93 percent of organizations are using some form of cloud computing. This increase brings new threats that many organizations’ current security processes may not be equipped to handle. One of these issues is the use of Amazon S3 buckets (AWS S3) with… Read more »
06.26.18
Turn Your Software Development Security into a Repeatable Engineering Process Companies have long viewed application security testing as a black art that’s dependent upon a small number of experts wielding arcane tools to find vulnerabilities and develop exploits. However, as the velocity of software development increases, the old way of running security tests becomes less… Read more »
