dcsimg

An ethical hack reveals endpoint security vulnerabilities

“Know thy enemy and know yourself; in a hundred battles, you will never be defeated.” ~ Sun Tzu, The Art of War Sun Tzu’s advice is as applicable in cyber security as it is in battle. He warns, “When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every … [Read more...]

Hardening Windows Endpoints Against Cyber Attack: Part II

In Part I of the blog series, Hardening Windows Endpoints Against Cyber Attack, I covered the first three steps of an ethical hack. Step 0: Pre-Engagement Step 1: Passive Recon Step 2: Active Recon Now the run really begins. In this blog post, you’ll learn how to put all the knowledge you gained during the planning and reconnaissance steps into action. Let’s walk through the next steps: Step 3: … [Read more...]

A look behind the scenes of a Wi-Fi Hack: What are the secrets?

You snag a seat at your local café and open your laptop. Maybe you’re on the patio, grateful for the heater. The scent of coffee powers up your brain. The low hum of people chatting is welcome, after months of isolation. The logon page appears as you search for the Wi-Fi in your settings. Despite the security risks of free Wi-Fi, 81% of people readily connect What you don’t know is the backpack … [Read more...]

Least Privilege Examples, as told by the Three Ghosts of “A Christmas Carol”

With the holiday season upon us, it’s a good time to settle down with a beloved story. I re-watched the Charles Dickens classic, A Christmas Carol, the other day (well, actually it was Scrooged with Bill Murray, of course) and found myself thinking about the parallels with cyber security. Really, I did. In the story, Ebenezer Scrooge is first visited by the Ghost of Christmas Past. They watch … [Read more...]

Hardening Windows Endpoints Against Cyber Attack: Part I

To secure Windows endpoints against cyber attacks, it helps to think like a cyber criminal. Cyber criminals look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access to sensitive information. As part of the ethical hacking community, my ultimate goal is to help you secure your organization. … [Read more...]

How to Protect Your macOS Endpoints with Shift from KEXT to SYSEX

Cue music: Ch-Ch-Cha-Changes In recent macOS releases, Apple has been drawing attention to third-party software that uses technology like kernel extensions and system extensions. This technology allows users to install components or apps that extend the native capabilities of the macOS operating system. Apple’s deprecation of kernel extensions (KEXTs) and introduction of Endpoint Security Enabled … [Read more...]

9 Cloud Security Best Practices Your Organization Should Follow

Transitioning to the cloud is one of the most significant technology shifts your company will face. Last year, over 80% of organizations operating in the cloud experienced at least one compromised account each month, stemming from external actors, malicious insiders, or unintentional mistakes. The specifics of cloud security activities may vary depending on your cloud platforms and use cases, … [Read more...]

Every system is a privileged system: Incorporating Unix/Linux in your privilege management strategy

Lately we’ve been banging the drum that “every user is a privileged user,” meaning privileged users aren’t limited to system administrators but also include business users with access to applications and endpoints linked to critical business data and functions. The second verse to that refrain is that “every system is a privileged system.” Within your IT environment, laptops, servers, databases, … [Read more...]

How to Expedite Discovery of Service Accounts for Onboarding into Service Account Governance

Service accounts, by their nature, can take on a life of their own. They’re rarely tied to a human owner if managed at all, so service account sprawl takes over and organizations’ privileged account attack surfaces can expand almost beyond measure. And with almost all medium to large organizations unable to pull service accounts into a standardized governance cycle, there’s a ton of risk, too. The … [Read more...]

Remote Worker Security: The Risks, Challenges, and Solutions

The concept of working remotely, or granting remote access, isn’t anything new for most IT professionals. Most organizations have embraced a remote workforce, be it their own employees, contractors, consumers, business partners, and managed service providers. What does “working remotely” mean today? For IT professionals, remote access had been thought of as performing your job … [Read more...]