Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
The COVID-19 pandemic caused a massive shift towards remote work, which remains today. Remote work has become the new norm, and it has brought about many changes in the workplace. While remote work offers many benefits, it also increases cybersecurity risks. In this article, DirectDefense will discuss the rise of remote work and cybersecurity, and… Read more »
Discover the Benefits of Partnering with an MSSP and Tips for Selecting the Right One for Your Organization A resilient cybersecurity strategy is essential to running your business while protecting against security threats and preventing data breaches. For CISOs, partnering with a managed service security provider (MSSP) means you can be in control of your… Read more »
04.13.23Get Ready for the 2024 PCI Compliance Update The new, stringent, PCI DSS 4.0 will replace PCI DSS version 3.2.1 on March 31, 2024. At that time, you will be required to be compliant with the new specifications. (Do not become confused by the March 31, 2025, date which is when the requirements labeled “best… Read more »
Smartphone Snooping Without Microphone Access Can your smartphone sensors still enable apps to eavesdrop on your conversations even after the app has been denied microphone access? It does seem possible. We dug into this question based on two research papers, “AccEar: Accelerometer Acoustic Eavesdropping with Unconstrained Vocabulary”, and “Side Eye: Characterizing the Limits of POV… Read more »
Plus: 10 Tips to Keep Your Organization Out of the Red A financial institution enlisted our services to perform a Red Team assessment – an effective approach to simulate a real-world threat actor attempting to compromise an organization from the outside in. Using an email phishing campaign combined with a physical breach, DirectDefense consultants uncovered… Read more »
An Examination Whether the Latest AI Products are Anything More Than Powerful New Tools If you work in security or even tech, odds are you can’t stop hearing about recent advancements in artificial intelligence and how they will be humankind’s undoing. With the introduction of products like ChatGPT, OpenAI, or ChatSonic, it’s undeniable that the… Read more »
How DirectDefense accessed sensitive financial and personal data through injection vulnerabilities The best defense against injection attacks is to secure legacy applications by leveraging an app security assessment. Got a legacy app? Then listen up: Legacy applications can be particularly susceptible to injection attacks and organizations should take immediate action to remediate this vulnerability before… Read more »
Using Simulated Security Attacks to Test Network and Physical Vulnerabilities DirectDefense was asked by an airline to conduct security testing through simulated security attacks to help identify vulnerabilities that could put the airline’s data and operations at risk. As part of the engagement, DirectDefense: Spoiler Alert: Through effective tactics, like tailgating, we were able to… Read more »
Exploring Fake News Detection as a Service Automated or machine-learning solutions for fake news detection are both necessary and challenging in the fight against misinformation. This post explores the first automatic, content-agnostic approach to fake news detection, FNDaaS, which considers both new and unstudied website features. The Challenges of Fake News Detection Using Current Methods… Read more »
The Pros and Cons of Leveraging Artificial Intelligence for Code Development Using an AI coding assistant is rapidly becoming an attractive choice for developers. Instead of analyzing your own problem-solving processes and translating them into code, why not draw on the massive body of developed software that has likely solved your problem a hundred times?… Read more »
