An excellent publication from Forcepoint that covers CnC malware, malicious insiders and attribution. Unlike other threat reports, this report covers multiple human factors that are often neglected in technical reports. In some cases, human error and predisposition to reuse malware has lead thee researchers to determine a high probability of configuration reuse which leads to easier detection of [...]
The first is actually more common place. The second assumes the admin that maintains WordPress leaves a backup or older version of the file readable by any visitor that happens to “guess” a filename. In the past, CompSec Direct has been successful employing both techniques for customers during security audits, however the second leaves a 404 [...]
Excellent report by Kaspersky that unmasks a breach inside their corporate infrastructure. Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks
PCI-DSS recently released a revised document that covers pen-testing requirements for merchants and security providers. The document does a good job of comparing pen-testing with vulnerability assessments. If your company recently had a pen-test or vulnerability assessment done that did not cover all of these area and more, then call us and compare. Here is a [...]
Please take time to read this insightful publication by David Emm, Roman Unuchek, Victor Chebyshev, Maria Garnaeva and Denis Makrushin from Kaspersky Labs. The publication offers unparalleled insight and examples of current evolving threats through the info sec lens. Click to Download
