PCI-DSS recently released a revised document that covers pen-testing requirements for merchants and security providers. The document does a good job of comparing pen-testing with vulnerability assessments. If your company recently had a pen-test or vulnerability assessment done that did not cover all of these area and more, then call us and compare. Here is a [...]
Excellent article by Sean Gallagher from ArsTechnica. It truly captures the essence of how our world is likely headed into an unfortunate collision with technology. http://arstechnica.com/information-technology/2015/02/fear-in-the-digital-city-why-the-internet-has-never-been-more-dangerous/1/
Awesome post from Business Insider’s Vivian Giang. If you are into Social Engineering, lying in person is perhaps one of the best ways to accomplish either Corporate Espionage or Penetration Tests. Here are 11 indicators that you should be on the lookout for, or conscious not to do. http://www.businessinsider.com/11-signs-someone-is-lying-2014-4?op=1
This link by Richard Porter provides a quick link to ip’s you can easily blacklist with any iptables or netfilter firewall. Ultimately, it provides a quick list of Tor nodes, known spammers and compromised hosts that any NOC/SOC would be interested in blocking. https://isc.sans.edu/diary/Subscribing+to+the+DShield+Top+20+on+a+Palo+Alto+Networks+Firewall/19365
Hello! This is jfer from compsec direct. I would like to show you how to leverage the new Kerberos exploit against Windows domain controllers called ms14-068. This vulnerability allows a user with domain credentials to forge a Kerberos ticket and receive domain admin privileges via the forged ticket. I want to thank Sylvain Monné aka Bidord [...]
Excellent post associating the attributed costs of security breaches over time.
One of the best Sans webinars I have seen in a long time. Thank you Ed and John for putting together such a comprehensive presentation. Read More
Please take time to read this insightful publication by David Emm, Roman Unuchek, Victor Chebyshev, Maria Garnaeva and Denis Makrushin from Kaspersky Labs. The publication offers unparalleled insight and examples of current evolving threats through the info sec lens. Click to Download
Despite numerous public takedowns, cyber criminals will continue to extort users by leveraging their own data as ransom.Click Here for Original Post
According to the study by ISACA, 15% of companies are prepared, or feel prepared to handle APT’s. Download Report Here
