Patch or Risk Being Breached: Tenable.io and the Verizon 2017 DBIR
According to the 2017 Verizon Data Breach Investigations Report (DBIR), time to patch plays a critical role in the risk exposure to your network. The DBIR states (page 13) “research has shown that vulnerabilities are either patched during that initial…
Credentialed Scan Failures
I am often asked, “How can I be more productive and get better results from my vulnerability scans?” This question could be the result of a failed audit, network outage or breach that was previously undetected. Traditionally, vulnerability scanning may…

Interactive Cyber Maps
Every day we read about Internet attacks that attempt to take sites offline for a variety of reasons. For most people it is difficult to visualize this type of activity; after all, it occurs on a wire, from computer to computer,…
Secret Service Warns of ‘Periscope’ Skimmers
The U.S. Secret Service is warning banks and ATM owners about a new technological advance in cash machine skimming known as “periscope skimming,” which involves a specialized skimming probe that connects directly to the ATM’s internal circuit board to steal…
Attack of the Week: Log Jam
Web-browser makers are preparing a fix for a flaw in an encryption algorithm that makes it possible to spy on supposedly secure communications. However, the updates will mean a minority of websites will be blocked by the new software. The…
Changing Passwords… maybe not so good.
For a long time, I have been an advocate of periodic password changes. That is about to change. I have been in the security industry for nearly 18 years. Changing passwords on a regular basis is something we are all…
Attack of the week: FREAK (or ‘factoring the NSA for fun and profit’)
This article is reprinted with permission from Matthew Green @ http://blog.cryptographyengineering.com/ Cryptography used to be considered ‘munitions’. This is the story of how a handful of cryptographers ‘hacked’ the NSA. It’s also a story of encryption backdoors, and why they never quite…
Smart TVs Record Your Casual Conversation.
Televisions that offer voice commands are the hottest new thing on the market. If you have a Samsung unit, you should read the fine print. The fine print for Samsung's Smart TV voice recognition system says that it will not only…
DHS Releases Destover Wiper Malware Indicators of Compromise
US-CERT released a not-so-cryptic advisory this weekend providing enterprises with indicators of compromise and detailed descriptions of the malware used against “a major entertainment company.” Also stated, “Due to the highly destructive functionality of this malware, an organization infected could…
IT Turnover, Up or Out
So I read this article about IT turnover and many of the items struck a chord with me. I had witnessed it firsthand, and even endured it myself on several occasions, with several different employers. Until I found what…