Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
The Complexities Created by Using JavaScript Object Notation to Transfer Data Among the web application vulnerability tests that we perform at DirectDefense is an application security assessment for CSRF. CSRF, or Cross-Site Request Forgery, is an attack that takes advantage of the predictability of requests and browsers’ automatic submission of session cookies to perform unintended… Read more »
03.19.20Free Cybersecurity to Combat Threats Posed by COVID-19 Don’t miss an event that could be putting your organization’s security at risk. During this time of heightened cybersecurity threats, we are offering a FREE 30-day trial of ThreatAdvisor. Built on the knowledge of security consultants and penetration testers with more than 50 years of experience in… Read more »
12.04.19Revisiting the Security Threats That Marked 2019 and How They Were Managed Wow, what a year it has been! Security attacks in 2019 were marked by a resurgence of Ransomware attacks, business email compromise (BEC) attacks, and the discovery of painful blind spots in existing security programs for our new, and in some cases older,… Read more »
12.13.18Assessing the Successes (and Failures) of Organizations’ Implementations of Security Orchestration and Automation Response Solutions As 2018 comes to a close, we must look at the information security and managed services trends already established this year, and those on deck for 2019. To get things going ahead of the new year, we thought we would… Read more »
04.11.18No, this blog post isn’t about the credit cards or identity theft. It’s about the tools that, as a security professional, you should keep stored in your “security wallet.” Like any tradecraft, security professionals should have a set of tools, in this case, applications, websites, and resources, that they keep on-hand. These items become your… Read more »
03.20.18A version of this blog is also posted on the MIST InfoSec Insider site: https://misti.com/infosec-insider-search. We’re surrounded by networks, many not our own. It’s next to impossible to run a business today without network interconnectivity. Even the smallest mom-and-pop shop has a website and hosting provider that connect to at least one computer holding client… Read more »
01.04.18New System Vulnerabilities You Need to Know About Researchers have disclosed vulnerabilities in the way processors are handling memory management while data is traversing the central processing unit of your system. The latest update on these vulnerabilities can be found at this post from Project Zero. Vulnerability Details: What You Need to Know There are… Read more »
12.04.179 Tips to Help You Land the Information Security Job You Want with Minimal Related Experience I consistently hear from service members who are leaving the military and want to move into the information security field. For those who spent their time in the military working in the computer security field and are leaving the… Read more »
11.28.17How to be Sure Your Security Solutions are Working for You–Not an Attacker. Oh, what a year it has been! So far, 2017 has been full of mega breaches due to patching issues, more Internet of Things (IoT) related attacks, and ransomware causing organizations pain. While we had more events, the challenges from 2016 remain… Read more »
08.09.17Carbon Black’s assertion that this only affects Cb Response: Carbon Black’s response to our post is just more validation of our findings. In general, vendors need to be more careful with how they handle customer data, even if it is an optional feature. As we stated in the blog post, we were unsure if this… Read more »
