Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
01.19.18Interested in building your own mobile application testing lab? We’re here to help. A key aspect of testing mobile applications is the ability to observe and modify network traffic. Learn how to use a router with modified firmware to perform HTTP/HTTPS-based traffic interception. 3 Methods for Intercepting Traffic 1. ARP cache poisoning Testers can use… Read more »
01.04.18New System Vulnerabilities You Need to Know About Researchers have disclosed vulnerabilities in the way processors are handling memory management while data is traversing the central processing unit of your system. The latest update on these vulnerabilities can be found at this post from Project Zero. Vulnerability Details: What You Need to Know There are… Read more »
12.04.179 Tips to Help You Land the Information Security Job You Want with Minimal Related Experience I consistently hear from service members who are leaving the military and want to move into the information security field. For those who spent their time in the military working in the computer security field and are leaving the… Read more »
11.28.17How to be Sure Your Security Solutions are Working for You–Not an Attacker. Oh, what a year it has been! So far, 2017 has been full of mega breaches due to patching issues, more Internet of Things (IoT) related attacks, and ransomware causing organizations pain. While we had more events, the challenges from 2016 remain… Read more »
08.09.17Carbon Black’s assertion that this only affects Cb Response: Carbon Black’s response to our post is just more validation of our findings. In general, vendors need to be more careful with how they handle customer data, even if it is an optional feature. As we stated in the blog post, we were unsure if this… Read more »
08.09.17Carbon Black’s Cb Response product is one of the more popular endpoint detection and response (EDR) tools available in an ever-growing marketspace. However, as a function of how the tool is architected, it is also a prolific data leaker. This threat report blog will help security organizations understand how our vulnerability assessment experts harvested data… Read more »
05.03.174 To-Do’s to Help Keep Your Company’s Network Safe from a Network Security Threat You work hard to hire smart people, but people make mistakes, and it takes only one employee to click the link or run that nasty code – and suddenly an attacker has created a network security threat. Even your best employee… Read more »
03.09.17The news that WikiLeaks released hundreds of documents revealing the CIA’s methods for hacking into smartphones and other Internet-connected devices has received global attention. So, what does the average person need to do to protect themselves if they are an Apple, Android or smart home gadget user? Some vendors have been proactive in publicly disclosing… Read more »
02.13.17Defining and managing PCI scope is arguably the most critical part of any PCI compliance program. An overly narrow scope can jeopardize cardholder data, and an overly broad scope can add unnecessary cost and time to any PCI program. PCI compliance is an ongoing process and requires an annual assessment that can add up to… Read more »
01.31.17Three Key Areas of Failure and What to Look Out For There’s a lot of talk right now about the current state of endpoint protection solutions. Which technology has a future? Which technology should you be looking at? It’s good information to know, but more valuable is knowing which solution would work best for you… Read more »
