Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
How We Used Vishing to Attack an Internal Corporate Network We are back with the third and final write-up of our social engineering blog series to add to previous posts about an email phishing campaign and target phishing scenarios using social media. This post is all about a vishing call! Vishing or Voice Phishing is… Read more »
How a cybersecurity roadmap can lead you on the road to recovery. A large municipality had a hunch that their cybersecurity needed to be improved (the fact that they fall prey to the regular business email compromised (BEC) scams and have lost money, as a result, might have been a dead giveaway), so they hired a… Read more »
How we “stole” our client’s Tesla during a physical penetration test. Protecting Private Internal Data Needs to Start with Enacting Strong External Security We talk a lot about how to protect your organization from being the target of an attack to your internal network by creating strong passwords, keeping network hardware under lock and key,… Read more »
03.31.22Navigating the 5 Stages of Grief Following an Incident Response Event Are you a victim of a data breach and are you feeling signs of grief? You’re not alone. As an incident response professional, I have met many different types of corporate staff, from the IT staff to the C-suite. Unfortunately, it was probably on… Read more »
Security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit’s pkexec, CVE-2021-4034, dubbed “PwnKit”. Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It’s installed by default in every major Linux distribution, which means that tens of millions of devices are vulnerable to this easily-exploitable bug. What makes this flaw even… Read more »
02.09.21If you don’t want to issue the dreaded boil-water advisory then make sure your wireless network is hacker- proof. How our team was able to drive up to a municipal water utility, join the wireless SCADA network and gain the access needed to do some major damage to the water supply – all in 10… Read more »
