Puerto Rico

CompSec Direct gets press mentions for cybersecurity expertise

By |2022-12-04T16:22:50-05:00July 22nd, 2021|Categories: Cyber, News, Puerto Rico|Tags: , , , , , |

CompSec Direct Executive Team with a a Kleared4 Edge unit. Picture taken by R. Fernandez. We were interviewed in 2021 by El Nuevo Día, a local newspaper in Puerto Rico. Some the of the issues we have mentioned are starting to take impact on how businesses mature operations by making investments into staffing. . As a small [...]

Comments Off on CompSec Direct gets press mentions for cybersecurity expertise

BSides PR 2019

By |2022-06-15T00:20:50-04:00October 16th, 2019|Categories: Case Study, Cyber, Defensive Methodology, Disclosure, Forensic, Incident Response, Laws, Legislation, Videos|Tags: , , , , , , , |

Our President, @jfersec, had the privilege of Keynote during BSides PR 2019. During our presentation, we discussed some hard truth's around: the way DeepFakes and "WeakFakes" are utilizedhow we are good imitators and bad innovators in Puerto Ricopast efforts associated with Accelerated Disclosures for public and private companies in Puerto Ricoflaws associated with contract negotiations with [...]

Comments Off on BSides PR 2019

Open-Data wants to be free, but no one looks.

By |2022-06-15T00:22:50-04:00September 29th, 2019|Categories: e-Discovery, Hunting, Scripts|Tags: , , , , , , |

Problem: A few months ago, Giancarlo Gonzales, a former CIO for the island of Puerto Rico, indicated the lack of updates towards open-data in data.pr.gov. As part of an open-data initiative, Puerto Rico created its own version of data.gov, called data.pr.gov, which provides free and open access to government information datasets. Giancarlo alluded to the lack of updated [...]

Comments Off on Open-Data wants to be free, but no one looks.

Judicial branch of Puerto Rico exposes sensitive court documents

By |2022-06-15T00:43:34-04:00May 31st, 2017|Categories: Hacking, Laws, Reports|Tags: , , , , , |

Problem CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to attorneys and clients in order to view sensitive legal documents. Manipulating the ID string with simple math, similar to the overturned [...]

Comments Off on Judicial branch of Puerto Rico exposes sensitive court documents

CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

By |2022-06-15T00:46:16-04:00March 18th, 2017|Categories: Attribution, Contracts, Cyber, Defensive Methodology, Hunting, Incident Response, Reports|Tags: , , , , |

The Center of Investigative News (Centro de Periodismo Investigativo) published an excellent summary of events from the situation the department of Hacienda faced in early March of 2017. Our early involvement in this event helped the citizens of Puerto Rico during an already difficult economic situation. We will continue to work with the department of Hacienda [...]

Comments Off on CompSec Direct receives media mentions as the result from incident response services offered to Hacienda of Puerto Rico

CompSec Direct solicited for subject matter expertise on Incident Response for Hacienda of Puerto Rico

By |2022-06-15T00:47:26-04:00March 10th, 2017|Categories: Attribution, Contracts, Defensive Methodology, Hunting, Incident Response, Reports|Tags: , , , |

CompSec Direct was asked to provide incident response services to the department of Hacienda, the Treasury department of Puerto Rico, on March 7,2017. The department of Hacienda was experiencing daily losses of approximately $20 million dollars a day due to the severity and impact of ransomware on the government network. CompSec Direct’s president, Jose Fernandez, led [...]

Comments Off on CompSec Direct solicited for subject matter expertise on Incident Response for Hacienda of Puerto Rico