Tales From the Road: What Effective Endpoint Security Looks Like
04.20.22Well-configured endpoint security is critical to protect against a ransomware attack or a security breach, and requires some extra attention.
04.20.2204.20.2204.20.22
The Emotional Toll of Incident Response Events
03.31.22Navigating the 5 Stages of Grief Following an Incident Response Event Are you a victim of a data breach and are you feeling signs of grief? You’re not alone. As an incident response professional, I have met many different types of corporate staff, from the IT staff to the C-suite. Unfortunately, it was probably on… Read more »
Assessing Microsoft’s Social Engineering Attack
03.25.22Breaking Down Microsoft’s Response to the Lapsus$ Gang’s Social Engineering Compromise Microsoft has done an excellent job in explaining the social engineering breach that originated against them from the Lapsus$ group. In their recent blog post, they detail the Lapsus$ attack and how access was obtained, as well as provide some decent recommendations to enhance… Read more »
Tales from the Road: The Anatomy of Password Attacks
03.16.22It’s time to rethink your password policy to prevent modern password attacks. If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more… Read more »
Tales From the Road: Got Critical Infrastructure?
03.08.22Avoid these three pitfalls that are inherent to most SCADA systems that manage critical infrastructure. A multinational corporation enlisted the services of DirectDefense to perform a security assessment of the organization’s newly-developed battery energy storage control (BESS) that would enable the company’s vendors and integrators to manage the voltage and power output for massive batteries.… Read more »
PolicyKit Vulnerability Exposed After 12 Years: Why You Need to Patch Your Linux Today
01.26.22Security company Qualys has uncovered a dangerous PolicyKit vulnerability. Learn how to remediate and patch Linux.
Planning PCI in the Cloud
01.05.22What PCI Compliance for Cloud Data Looks Like: Challenges and Maintenance Moving to the Cloud is not as simple as “Just put it in the Cloud and we won’t have to do PCI.” The Cloud can reduce PCI Scope but it can also add to the complexity of maintaining PCI compliance. As we will discuss,… Read more »
A Look Ahead at the Security Threats Looming in 2022
12.09.21What to Know, How to Prepare, and How We Got Here When 2021 began, everything from the pandemic to the economy felt uncertain. Security threats increased both as a result of those uncertainties and the ever-growing sophistication of the threat landscape. In this post, we’ll review the events that created security threats in 2021 and… Read more »
Tales From the Road: If Your SCADA Network Isn’t Segmented, It’s Not Secure
07.26.21Newsflash: Most networks utilized for Supervisory Control and Data Acquisition (SCADA) were not designed to be secure. Yes, you read that correctly. Kind of a scary thought, especially when your municipal water utility is reliant on this SCADA network to ensure the availability and safety of the drinking water supply! This is why the management… Read more »
Why Mobile Device Security Matters More Than Most Think
07.19.21Mobile devices are often one of the most overlooked assets from a security perspective. Many people are under the false assumption that mobile devices “can’t get viruses”, “aren’t important”, or that they can ignore mobile updates, when in fact, these devices often store more critical data than people realize, yet statistically are barely more secure… Read more »
