Cyber Security Awareness and Vulnerabilities Blog

Image
Security Tools

4 Steps to Building a Vulnerability Management Program

Feb 1, 2017
Day after day we hear stories of companies being breached because of vulnerabilities in their systems. While some of these vulnerabilities may be new, the majority of breaches are caused by vulnerabilities that have had a patch available for weeks, months, even years but are left unpatched. If you know that there are vulnerabilities on your network, why wouldn’t you patch them immediately? Simply put, there are too many vulnerabilities and not enough time. So the question becomes not “how can I patch all of my vulnerabilities” but “how can I know which vulnerabilities to patch first?”
Image
What is?

Tips to Better Understand Cyber-Security

Jan 30, 2017
2016 really made a name for cyber-security. Now let’s make 2017 the year of executing strong cybersecurity plans. In order to fight the war online, you first need to understand what it is you are actually fighting. You hear the buzzwords such as “cybersecurity,” “pen-testing” and “IoT” – but do you know the full scope of what they really mean?
Image
5 Security Tips

5 Things You Need to Know about Ransomware

Jan 25, 2017
Earlier this year, we mentioned ransomware as a trend to watch in 2017. While some experts believe it will hit a plateau this year, that doesn’t mean that it will be any less harmful to businesses and consumers alike.  Here are 6 things to know about ransomware:
Image
IT Security

Why Outsourcing Security Isn’t Something to be Scared Of

Jan 23, 2017
No matter what you call them: threats, weaknesses, risks or vulnerabilities, they’re out there. Are you ready to handle them? Do you have a team internally dedicated to conducting pen-tests regularly? Are the people you’ve hired trained and experienced in conducting pen-tests or seeking out weaknesses in your system? How about fixing or eradicating issues before they actually become problems?
Image
IT Security

Security for Any Business Size

Jan 16, 2017
Let’s not fall victim to just talking about securing our businesses or people without putting action behind it. Cyber-security has grown to be a hot topic as technology advancements continue and after many cyber-attacks, breaches and panic in 2016. When hearing details about the attacks that happened to Target, Yahoo or Anthem, you can’t help but wonder if you could be next.
Image
Identity & Access Management

4 Challenges of Identity and Access Management

Jan 11, 2017
Database and password incidents are so common today that it takes a massive breach to make headlines. Coverage of these breaches often highlights that stolen credentials were a key part of infiltrating the network. Even though we know credential theft is often at the heart of these incidents, why is it so difficult to convince our organizations, leadership, employees, and customers to take Identity and Access Management (IAM) seriously? Here are four key challenges of IAM:
Image
Security Tips

How to Create a Company Culture of Security

Jan 9, 2017
Cyber-security firms are consistently talking about securing the Internet of Things, analyzing the latest hack or trying to sell you on the latest and greatest tool. Oftentimes, this makes you look at the newest security software to put in place (which we recommend you do) or increase the number of pen-tests to ensure your systems are in optimal condition. What you may be missing is the most common source of exploits and vulnerabilities—the people in your company currently using the devices, apps and more on your network.
Image
5 Security Tips

5 Common Cybersecurity Mistakes

Jan 4, 2017
One of the cool things about working in cyber-security is that you get to see a lot of really cool ideas for keeping your organization safe. You also see some pretty terrible mistakes that are leaving both yourself and your customers at risk. Read on for five of the most common cyber-mistakes and how you can fix them.

5 Trends for Cybersecurity in 2017

Dec 29, 2016
1. The Internet of Things as a Trojan Horse These seemingly innocent devices bring vulnerabilities into your network By default, these devices are open to the internet and are rarely reconfigured from the default settings meaning every connection from the IoT is putting your network in danger.  If you do not have an IoT policy in place, now is the time to start. While default settings are easy for the user, they are an open door for bad actors to your data.   

Are Your Employees' Holiday Gifts Putting You at Risk?

Dec 7, 2016
It’s the most wonderful time of the year and if you’re like me, you’re already counting down the days until Christmas. It’s a time to be with friends and family with the added bonus of unwrapping those gifts under your tree. What most of us don’t think about, is how those gifts can affect our organizations.
Image
Identity & Access Management

Protecting Your Organization from Identity Theft

Nov 30, 2016
Did you know that, on average, 15 million residents in the U.S. are affected by identity theft and upwards of $50 billion are stolen each year? During the holiday season we hear a lot about keeping your identity safe when shopping online or in retail stores across the country, or even across the world. Why? The most obvious reasons are that your money can be stolen and in turn, your credit ruined. These are both valid points for consumers, but how can you apply that to your organization and more importantly, your money, intellectual property, and customer records?

Jingle Bells, Retail Sells, Attacks are on the Way (Part 2)

Nov 15, 2016
It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s the time for retailers to shine. It’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target retailers.  In part one of this series, we discussed how PCI-DSS regulations were only a starting point for truly securing your organization against cyber-security risk. In today’s blog we will talk about what to expect this Cyber-Monday.

Jingle Bells, Retail Sells, Attacks Are on the Way (Part 1)

Nov 13, 2016
It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s a time for retailers to shine. But, it’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target them. In this two part series, we will discuss things retailers should consider this holiday season to better secure themselves from attacks and to ensure continuous compliance to industry regulations.
Image
Data Security

How to Mitigate Data Breaches in Healthcare IT

Nov 9, 2016
What once was only science fiction is now our reality, anything and everything can be hacked. For healthcare providers, ‘anything’ includes not only patient records and claims information, but sentient things like drug pumps and pacemakers. In addition, healthcare has operational functionality that make this space particularly challenging. The mobility challenge is particularly unusual because the workforce is constantly moving in and out of foundations, universities and hospitals.

How to Prepare for a DDoS Attack

Oct 24, 2016
“There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!" – Sneakers
Image
Reporting

New Release- Access Insight 9.2

Oct 19, 2016
Core Security is excited to announce our newest release - Access Insight 9.2! The most exciting part of this release is the added ability to support Segregation of Duties (SoD) which identifies conflicts between roles or entitlements within an organization. Access Insight 9.2 now supports setting up SoD policies for roles and entitlements to allow users to create policies in the Manage Policy page to set up SoD Roles and SoD Entitlement Policies.

Core Impact Pro 2016 R1.2 Now Available

Oct 17, 2016
We are pleased to announce the official release of Core Impact Pro 2016 R1.2. More than 46 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements.
Image
Data Security

How to Increase Password Security with Mobile Reset

Oct 5, 2016
Ineffective password management can be a significant burden to most organizations, resulting in increased costs and security risks. In order to ensure the security of your network, you set rules around password creation including the use of characters, symbols, minimum lengths and more. You’ve restricted the use of old passwords and instituted a process for the passwords to be changed at regular intervals. While these tactics are helpful for keeping passwords safe, they often lead to users forgetting their passwords and/or getting locked out of the applications that they need.
Image
IT Security

Securing Access in an Always-Connected World

Sep 28, 2016
How many devices do you have within your reach right now? How many emails did you answer on your cell phone, work or personal, after you got home last night? Did you watch the debate this week? How? For the first time there were live streaming versions of the debate on television, Facebook, Twitter, and on the websites of too many media outlets to count.

10 Reasons to Pen-Test Your Network

Sep 12, 2016
Are you using penetration testing in your cyber-security tool kit? Why not?! Penetration testing, or pen-testing, is one of the most important tools to not only find the holes in your network but to prioritize them for remediation. Keep reading for the 10 reasons you should be pen-testing.

How to Pen Test Against Orphaned and Privileged Accounts

Sep 5, 2016
The more pen-tests I do, the more I see that despite how every organization claims that they’re different, I see the same commonalities with how things are being managed inside the network. One of those commonalities that I see tends to vastly improve my odds of persistence and avoiding detection: how an organization handles orphaned accounts and service accounts.

Thoughts from Black Hat and Defcon

Aug 16, 2016
Getting home from what we affectionately call Security Summer Camp is almost as much of an adventure as attending the conferences. Getting caught in the Deltapocalypse on the way home just added to the fun. If you want a real challenge, try seeing your way onto earlier flights during a system-wide meltdown of a major legacy carrier.

The New Rules of Penetration Testing

Aug 8, 2016
 In the past, penetration testing was a fancy name for breaking through a network firewall. However, as technology advances and breaches become even more dangerous – costing an average of £2.53 million, according to research sponsored by IBM – security executives need to revisit pen testing to make sure it is an ongoing practice in their defense arsenals.

How to Spot High Risk Accounts in Your Organization

Aug 3, 2016
The Danger of Stolen or Misused Credentials According to the Verizon Data Breach Report over 80% of breaches were due to stolen or misused credentials. This shows us that our access credentials are more valuable than ever which means that being able to locate our high risk access accounts has become more important than ever. Do you know who has the administrative privileges to your key applications, networks, servers, or even email programs? When you are working in a small company with only a handful of employees this information can be easily tracked.
Image
5 Security Tips

5 Embarrassing Mistakes Found in Penetration Tests

Aug 1, 2016
As you heard from Bobby last week, it is that special time of the year, Black Hat, when all of our friends are gathered together in Vegas to see just what hacks, exploits, tips and tricks there are for us to be concerned about. As a cyber-security specialist, it’s the most wonderful time of the year. However, for consumers and business owners, it is the reminder that what you thought was safely tucked away is actually only a moment away from being breached. On the heels of the Democratic Party’s email breach and the proliferation of hacking in mainstream media with Mr.