Executing a Chromecast Exploit – Times Three

Chromecast with Google TV (1080P) Secure-Boot Bypass. Introduction: Implications of These Findings. This piece details the development of a chain of three exploits intended to allow an individual to run a custom OS/unsigned code on the Chromecast with Google TV (CCwGTV) 1080P. Security researchers Jan Altensen, Ray Volpe, and I developed this chain of vulnerabilities as…

OT Security Assessment of Water Utility Illuminates the Path for Widespread Industry Improvement

Our recent OT security assessment at a private water utility illustrates how no industry is safe from security threats. Regardless of sector, all industries, from education, to finance, to water treatment, are susceptible to bad actors taking advantage of their internally-overlooked vulnerabilities. While water utilities have historically lagged behind other industries in OT security, the…

The Power of a Physical Penetration Test

Is Your Organization’s Physical Security Top-Notch? Having high-level security measures at any organization is a must, especially for large corporations that deal with specific clientele and hold confidential and sensitive information. We know attackers find ways to gain access to corporate networks remotely, but physical access poses even more risk, as attackers can potentially get…

What An Enterprise Risk Assessment Looks Like

Has your corporation been keeping up-to-date on the latest security practices? An important one to bring into your security repertoire is an enterprise risk assessment. It’s crucial to regularly conduct enterprise assessments to ensure the effectiveness of your corporation’s security measures. An enterprise risk assessment helps your organization continuously update and measure all security protocols,…

Combat Ransomware: Try Halcyon’s Anti-Ransomware Platform Free for 60 Days

Armor Your Endpoints Free for 60 Days. If you’ve experienced the impact of a ransomware attack, you understand how severely it can disrupt business operations. That is why we’re partnering with Halcyon to offer a 60-day free trial of their anti-ransomware platform. Halcyon’s next-generation anti-ransomware solution stops attackers at all phases of a breach using…

Tales From the Road: A Cyber Security Breach is Only A Phone Call Away

How DirectDefense Compromised a Banking Institution’s Help Desk and Member Services Using a Phone Social Engineering Attack + 5 Common Vishing Pitfalls to Avoid. Cyber criminals will stop at nothing to steal personal and confidential information from their target. In recent years, many high-profile attacks have leveraged targeted phone social engineering attacks, known as vishing.…

Tales From the Road: When it comes to your SCADA Network: Segment. Segment. Segment.

How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation. A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA…