Location: Apex

Tales From the Road: A Cyber Security Breach is Only A Phone Call Away

How DirectDefense Compromised a Banking Institution’s Help Desk and Member Services Using a Phone Social Engineering Attack + 5 Common Vishing Pitfalls to Avoid Cyber criminals will stop at nothing to steal personal and confidential information from their target. In recent years, many high-profile attacks have leveraged targeted phone social engineering attacks, known as vishing.… Read more »

Tales From the Road: When it comes to your SCADA Network: Segment. Segment. Segment.

How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA… Read more »

Tales From the Road: Minimize Third-Party Software Security Risks

How to Prevent Credential Stuffing with IPv6 Protocol Security Third-party software security risks are created when third-party vendor products lack security, giving attackers wide open access to your organization’s networks and databases. When a vendor has access to your network, including customer and corporate information, your own company’s security doesn’t cover all the gaps, so… Read more »

Is This Thing On? Privacy and Your Smartphone Sensors

Smartphone Snooping Without Microphone Access Can your smartphone sensors still enable apps to eavesdrop on your conversations even after the app has been denied microphone access? It does seem possible. We dug into this question based on two research papers, “AccEar: Accelerometer Acoustic Eavesdropping with Unconstrained Vocabulary”, and “Side Eye: Characterizing the Limits of POV… Read more »

Tales From the Road: Oops, We Did it Again! Breaking the Bank During a Red Team Assessment

Plus: 10 Tips to Keep Your Organization Out of the Red A financial institution enlisted our services to perform a Red Team assessment – an effective approach to simulate a real-world threat actor attempting to compromise an organization from the outside in. Using an email phishing campaign combined with a physical breach, DirectDefense consultants uncovered… Read more »

Tales From the Road: The Best Defense Against Injection Attacks is to Protect Your Legacy App

How DirectDefense accessed sensitive financial and personal data through injection vulnerabilities The best defense against injection attacks is to secure legacy applications by leveraging an app security assessment. Got a legacy app? Then listen up: Legacy applications can be particularly susceptible to injection attacks and organizations should take immediate action to remediate this vulnerability before… Read more »

Tales From the Road: How DirectDefense Got a Free, Round Trip Ticket to an Airline’s Internal Network During a Physical Pen Test

Using Simulated Security Attacks to Test Network and Physical Vulnerabilities DirectDefense was asked by an airline to conduct security testing through simulated security attacks to help identify vulnerabilities that could put the airline’s data and operations at risk. As part of the engagement, DirectDefense: Spoiler Alert: Through effective tactics, like tailgating, we were able to… Read more »

A New Content Agnostic Solution for Fake News Detection

Exploring Fake News Detection as a Service Automated or machine-learning solutions for fake news detection are both necessary and challenging in the fight against misinformation. This post explores the first automatic, content-agnostic approach to fake news detection, FNDaaS, which considers both new and unstudied website features. The Challenges of Fake News Detection Using Current Methods… Read more »

Does Using an AI Coding Assistant Generate Insecure Code?

The Pros and Cons of Leveraging Artificial Intelligence for Code Development Using an AI coding assistant is rapidly becoming an attractive choice for developers. Instead of analyzing your own problem-solving processes and translating them into code, why not draw on the massive body of developed software that has likely solved your problem a hundred times?… Read more »