Cyber Security Awareness and Vulnerabilities Blog

IT Security

When Security Becomes a DevOps Blind Spot

Feb 4, 2018
Speed is essential in today’s business climate, hence the rise of DevOps. Unifying development and operations compresses development cycles and enables more frequent deployments that align closely with business objectives. It’s no wonder executives love DevOps. But one question is often left unasked in DevOps strategy meetings: what about security? When speed and agility are paramount, it’s easy for data protection to take a backseat. Continuous delivery leaves little time to consider security controls.
What is?

Security Answers in Plain English: What is a Man-in-the-Middle Attack?

Jan 16, 2018
"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks. What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?" Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a legitimate website so that whatever you do on the legitimate website can be seen and stolen by the attacker who owns the site in the middle. There are two common ways this happens:

Lessons Learned at Gartner Identity and Access Management Summit 2017

Dec 10, 2017
More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all areas of security. 

Tips for Success with Access Assurance Suite

Dec 6, 2017
So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess the tools you are using to see how you can get more out of them. Today’s post is to share a few tips to help create a better user experience with the product through regular maintenance activities.

The Latest Exploits Shipped to Core Impact

Dec 3, 2017
Summary of all of the exploits and updates shipped to Core Impact 2017 R2 since Sept 26th (the last Dot release):
IT Security

Securing Your Organization From the Inside Out

Nov 27, 2017
One of the most common reasons breaches occur is simply not knowing whether or how one could happen. You can’t protect what you don’t know you have, or what you don’t know you need to protect. Here are some tips for auditing your data and putting some security action behind it.
Security Tips

How to Prepare for Attackers This Holiday Season

Nov 8, 2017
We’ve made it back to that time of year when retail booms as the world goes shopping for gifts during the holiday season. While it is time for retailers to shine, it’s also the time when retailers are most vulnerable to security risks, as bad actors are gearing up too. We have spent a good bit of time recently discussing how PCI-DSS regulations are only a starting point for truly securing your organization against cyber-security risk. In today’s blog we will talk about what may come this holiday season.
Organization security

How You Can Benefit From Penetration Tests

Nov 6, 2017
There are many reasons to penetration test your organization – and not just to adhere to compliance protocols. Nonetheless, sometimes that’s the routine we get caught in, isn’t it? We do it just because we have to, but we don’t leverage the findings from the tests to better secure our business. Well, today’s the day we start leveraging and seeing the true value behind penetration testing. Take a look at these four ways in which you can benefit from penetration tests.
5 Security Tips

5 Steps to Building a Vulnerability Management Program Pt. 3

Oct 25, 2017
As we reach the end of October and the end of Cyber Security Awareness Month, we are also ending our current series on building a vulnerability management program. We've given you five easy steps to follow to build or improve your vulnerability management program. Just because this month is only recognized once a year doesn't mean you should lose sight of its importance. If you are ready to get started building your security posture, let us know how we can help. 
5 Security Tips

The 5 Keys to Building a Red Team

Oct 23, 2017
It’s not just about hiring a group of people and dubbing them a Red Team. There are some important steps to ensure you are hiring the right people for the job at hand with a focused goal in mind. Here are the five key steps to build out a successful Red Team:
1. Have the Right Conditions
Oftentimes when looking for jobs, people are seeking a good culture fit: a place where they are challenged and won’t become stagnant in their abilities or uninspired, causing them to not reach their full potential.
5 Security Tips

5 Steps to Building a Vulnerability Management Program Part 2

Oct 18, 2017
Welcome to part two of our series on building a vulnerability management program. Today we go through steps three and four of our build but if you missed last week, you can catch up here. 

Remember These PCI Pen Testing Requirements

Oct 16, 2017
Things just got real for companies that need to comply with PCI requirements. Not only is PCI v3.2 mandated, the PCI Standards Security Council has issued guidance on using penetration testing as part of a vulnerability management program.
5 Security Tips

5 Steps to Building a Vulnerability Management Program Pt. 1

Oct 11, 2017
Let's talk about actual tactics you can put in place to start building or improving your vulnerability management program. 

Who to Have a Part of Your Red Team

Oct 9, 2017
Red Team Basics
The SANS definition of a Red Team is “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.”
What is?

What is a Vulnerability Management Program?

Oct 4, 2017
The Equifax breach was caused by a vulnerability. The WannaCry virus exploited a vulnerability. The stories don’t seem to end, yet it seems like no one is talking about how to solve this problem: start a vulnerability management program. “Manage the vulnerabilities in my network? Sounds easy.” Well, not so much, but not so difficult that you shouldn’t be spending time and resources on it. This blog covers the planning and setup of vulnerability management programs.

3 Tips to Conducting Successful Web Application Tests

Oct 2, 2017
When I was six, my parents were looking for ways to get me out of the house and burn some of that energy every six-year-old child has. On top of being pretty small, I grew up in a small town, so my options for youth sports were pretty limited. However, through a series of conversations, my parents decided to get me involved in the youth wrestling program. What I didn’t understand at the time was that this was the beginning of many life lessons. In today’s blog, I want to talk about a few of those lessons and how they correlate to running web application pen tests.

Latest Improvements Shipped to Core Impact 2017 R2

Oct 1, 2017
It is our mission to continuously provide to you a comprehensive and up-to-date penetration testing tool to meet the needs of the market. Today we are recapping the 23 total updates that have been shipped to Core Impact 2017 R2 since its release on August 14th 2017. The team has been working hard to develop these improvements in order for our users to continue to experience the maximum value from Core Impact.

Holiday Season is Coming – Don’t Be a Target

Sep 27, 2017
It’s that time of year again when the air turns a bit cooler, pumpkins start popping up in your supermarket and your annoying neighbor starts posting daily “Only XX Days til Christmas” updates. Yes, it is almost holiday shopping season, and if you’re lucky enough to be in retail at this time of year, this is your three-month-long Super Bowl.
Security Compliance

The Importance of PCI Compliance

Sep 25, 2017
*As used previously in GCN.com
As governments look for more ways to reduce costs, electronic payments have become an economical method of purchase. Using credit or debit cards reduces the time it takes to receive funds, is less error-prone and makes it easier for residents to pay.
Security Tips

How to Spot and Stop Zombie Accounts in Your Network

Sep 20, 2017
Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try and get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons.
Security Compliance

The Biggest Risk for Security Breaches: Humans!

Sep 18, 2017
You can have all the tools in place: firewalls, security programs, routinely updated passwords and security team members. But that still might not be enough.
Security Tips

How to Set SMART Goals With Your Red Team

Sep 11, 2017
As with most anything in life, you want to set SMART goals. Setting goals that follow this guideline (Specific, Measurable, Achievable, Relevant and Time-bound) allows you to form hypotheses and set firm parameters around your work and what potential outcomes to expect. This is no different for the Red Team whose sole purpose is to test the security measures currently in place and test how to improve or continue that in your infrastructure.
Identity & Access Management

New Release: The Most Beautiful Experience in Identity

Sep 6, 2017
Before I start, I need to come clean and tell you that I love enterprise software. Weird? Maybe. However, after working in the industry for many years and for many different companies, enterprise software is the basis for what drives business. Whether it’s your CRM, ERP or cyber security – it all starts with enterprise software.

Quick Guide to Penetration Testing

Sep 4, 2017
We're always trying to simplify how you go about pen-testing your organization. Anytime you make something too complicated, you create unnecessary barriers to completion. Enjoy this free Guide to Penetration Testing to ensure you complete your penetration tests quickly and efficiently.
1. Project Scope
Before starting your pen-test, you need to determine your plan of attack. This will consist of what to include in the test and will spell out your goals.

Pivoting for Penetration Testing

Aug 28, 2017
I recently was watching an old episode of “Friends”. During this one particular episode, Ross was trying to move a couch into his upstairs apartment. As they were trying to carry the couch upstairs, they reached a point where they had to turn a corner. As you can imagine - the couch becomes stuck and Ross was yelling, "PIVOT!!" Since joining Core Security, anytime I hear the word ‘pivot’, I think about it in terms of how an attacker would move through a network.