January 28 is Data Privacy Day (DPD)! I know, you're so excited that you've got a party planned to get your executives, Marketing and Sales personnel to spend all day reviewing and revising your Privacy Policy (especially now that Privacy Shield is invalid). The general focus of DPD is to inform consumers about the need to maintain the privacy of...

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of reputational loss could be catastrophic...

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines. NERC CIP...

In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States' critical...

Most security breaches are the result of one thing: sloppy password practices. Too many people make the mistake of choosing weak passwords, or reusing passwords that they have used elsewhere on the internet - making life too easy for malicious hackers trying to gain unauthorised access. So I was pleased to see Google announce that over the coming...

As we say goodbye to 2020 and spend time reflecting on the industry changes, reassess our workflows and procedures in order to identify where 2021 will bring us, it’s a brilliant time to also address our security practices and ways we can bring improvement to those, as well. After considering the top challenges I saw with development teams and...

A few years ago, I worked alongside some oil commodity traders. Environmental concerns aside, I never realized how many parts were required to get the oil out of the ground, not to mention everything else that finally resulted in the production of refined products that surround our lives. As a cybersecurity professional, I was more interested in how...

‘Business’ is a verb that practically means the movement of data. If you aren’t sharing data – keeping the books, sharing ideas and stats about sales, getting the correct information regarding the customer or data to the customer – then you aren’t doing much business. But organizations need to protect their data along the way. Infosec has so many...

The U.S Government released on January 5, 2021, a cybersecurity plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security. The Maritime Cyber Environment With International Maritime Organization’s (IMO) mandate “to ensure that cyber risks are appropriately addressed in existing safety...

Almost exactly a year ago, cybersecurity professionals were locked in a heated debate about insurance. While some were keen to point out that the future of the industry would need to include some form of insurance market, others argued that cyber insurance would never be worth the premiums, especially given the inherently volatile nature of...

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work...

In a previous blog, I discussed securing AWS management configurations by combating six common threats with a focus on using both the Center for Internet Security (CIS) Amazon Web Services Foundations benchmark policy along with general security best practices. Now I’d like to do the same thing for Microsoft Azure. I had the privilege of being...

On February 11, 2020, Offensive Security introduced a major overhaul and update to their already fantastic course: Penetration Testing with Kali Linux. Those changes included updates to their lab environment. The study materials were substantially updated, with additional material including entire new sections on Bash Scripting, Active Directory...

Today’s VERT Alert addresses Microsoft’s January 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-922 on Wednesday, January 13th. In-The-Wild & Disclosed CVEs CVE-2021-1647 A vulnerability in the Microsoft Malware Protection Engine (MMPE) is currently seeing active exploitation. Since...

Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security...

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm's management team. And one of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data...

Tripwire's December 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Pulse Secure, and Oracle. First on the patch priority list this month are two vulnerabilities that have recently been included within the Metasploit exploit framework. One is a vulnerability in Pulse Secure Desktop Client and the other is a...

A popular joke among technologists says that it’s always DNS, even when it initially didn’t seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues. DNS (short for the Domain Name System) continues to be described as “the phonebook of the Internet,” but many people, including most readers of this...

Last year, I wrote about the Verizon Payment Security Report saying it was ”Not Just for PCI.” Verizon liked that post enough to include its introduction in this year’s version. This recognition was a wonderful surprise. Like last year’s report, the 2020 publication goes well beyond PCI in its information and recommendations. While PCI DSS forms...

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. In...