Tag: Cybersecurity

Water Utilities Under Siege: Why Basic Cybersecurity is Still Lacking

Last Wednesday, CISA issued an advisory two days after Arkansas City, Kansas, revealed that a Sunday morning cyberattack forced it to switch its water treatment facility to manual operations. In the alert, CISA urged OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to… Read more »

Response to CrowdStrike Falcon Sensor Agent Issue Affecting Microsoft Devices

As of 0409 UTC, a critical issue with CrowdStrike Falcon Sensor agents on Windows devices has caused significant global outages. This was not a security incident or cyberattack, and DirectDefense’s infrastructure was not affected by this outage. The root cause has been identified as an automatic content deployment applied to Windows hosts, which has resulted in… Read more »

Tales From the Road: If Your Networks Can Talk to Each Other, You’ve Got Gaps

Industrial control systems have a big job to do for a single facility’s OT environment – but if you’re operating multiple facilities spread across the U.S. or the world, those systems have a far larger workload, and the security risks inherent in their function get larger too.  What no critical infrastructure or industrial corporation wants… Read more »

Tales From the Road: An External Pen Test Reveals the Dangers of the Dark Web

An external penetration testing engagement with a healthcare organization revealed the importance of simple security measures against the darkest of intent. A recent external pen test engagement with a longtime client of ours, a prominent healthcare organization, proved the importance of well-performed reconnaissance and information gathering. A data breach can be devastating, and many individuals’… Read more »

Tales From the Road: How Social Engineering Penetration Testing Proved to be A Fruitful Method of Attack

During an engagement with a financial services client, DirectDefense relied upon social engineering (and other tactics) to penetrate their physical offices and wireless networks. Performing a combination of physical and wireless penetration testing is always a unique experience for DirectDefense consultants. From location to business type, our team has experienced and learned a lot over… Read more »

Tales From the Road: An Ongoing Hardware Assessment in a High-Risk Environment

Never underestimate the abilities of people with too much time on their hands and a pension for malicious activity. Hardware and software security assessments are a key component of maintaining the safety, security, and compliance of any device type, almost regardless of the environment in which they are used. But when the environment is a… Read more »

Tales From the Road: The Fortifying Abilities of an In-Depth Web Application Security Assessment

Internal app assessments, while helpful, won’t reveal all of the vulnerabilities weakening your security. Web applications, or web apps, are a common and useful way for companies to interact with both employees and customers. Without adequate assessment, however, security risks thrive, leaving the door open for bad actors to manipulate the systems and cause serious… Read more »

Tales From the Road: A Cybersecurity Breach is Only A Phone Call Away

How DirectDefense Compromised a Banking Institution’s Help Desk and Member Services Using a Phone Social Engineering Attack + 5 Common Vishing Pitfalls to Avoid Cyber criminals will stop at nothing to steal personal and confidential information from their target. In recent years, many high-profile attacks have leveraged targeted phone social engineering attacks, known as vishing.… Read more »

The Rise of Remote Work and Cybersecurity: What You Need to Know to Stay Safe

The COVID-19 pandemic caused a massive shift towards remote work, which remains today. Remote work has become the new norm, and it has brought about many changes in the workplace. While remote work offers many benefits, it also increases cybersecurity risks. In this article, DirectDefense will discuss the rise of remote work and cybersecurity, and… Read more »