Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
07.19.24As of 0409 UTC, a critical issue with CrowdStrike Falcon Sensor agents on Windows devices has caused significant global outages. This was not a security incident or cyberattack, and DirectDefense’s infrastructure was not affected by this outage. The root cause has been identified as an automatic content deployment applied to Windows hosts, which has resulted in… Read more »
07.10.24Organizations with security maturity can greatly benefit from annual red team assessments to keep up with the ever-evolving cyber threat landscape. Major organizations that hold detailed and private information are prime targets for malicious attackers, regardless of industry. Bad actors will find ways to break through physical and cyber barriers to obtain and sell personal… Read more »
07.01.24Introduction: Implications of These Findings This piece details the development of a chain of two exploits intended to allow an individual to run a custom OS/unsigned code on the Pixel Tablet Dock and utilize that to perform further security-research on the Pixel Tablet itself. The injection vector, as well as the ability to bypass AMLogic (AML)… Read more »
05.23.24On Monday, the U.S. Environmental Protection Agency (EPA) issued an enforcement alert outlining the cybersecurity threats and vulnerabilities facing community drinking water systems. It details the necessary steps these systems must take to comply with the Safe Drinking Water Act (SDWA). The EPA issued this alert due to the rising frequency and severity of threats… Read more »
05.07.24Industrial control systems have a big job to do for a single facility’s OT environment – but if you’re operating multiple facilities spread across the U.S. or the world, those systems have a far larger workload, and the security risks inherent in their function get larger too. What no critical infrastructure or industrial corporation wants… Read more »
04.22.24Free threat recon service reveals what you might be missing. Let’s face it, every company has blind spots when it comes to security. Even with a trusted vendor, new threats emerge all the time. Wouldn’t it be reassuring to know exactly what lurks in the shadows of your network? Our latest blog post delves into… Read more »
04.17.24Join DirectDefense at RSA Conference 2024 in San Fransisco DirectDefense will be present at RSA Conference this year, engaging with customers to enhance their OT environments. Here are the opportunities to connect with us. Schedule a Meeting with Our Experts at The Claroty Beats Hub at B Restaurant We invite you to join us at The… Read more »
04.16.24An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »
03.28.24During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »
03.20.24Never underestimate the abilities of people with too much time on their hands and a pension for malicious activity. Hardware and software security assessments are a key component of maintaining the safety, security, and compliance of any device type, almost regardless of the environment in which they are used. But when the environment is a… Read more »
