Cyber Security Awareness and Vulnerabilities Blog

Jingle Bells, Retail Sells, Attacks Are on the Way (Part 1)

Nov 13, 2016
It’s that time of year when retail booms as the world goes shopping for gifts during the holiday season. It’s a time for retailers to shine. But it’s also the time when retailers are most vulnerable to security risks as bad actors gear up to target them. In this two-part series, we will discuss things retailers should consider this holiday season to better secure themselves from attacks and to ensure continuous compliance with industry regulations.

How to Mitigate Data Breaches in Healthcare IT

Nov 9, 2016
What once was only science fiction is now our reality: anything and everything can be hacked. For healthcare providers, ‘anything’ includes not only patient records and claims information, but sentient things like drug pumps and pacemakers. In addition, healthcare has operational functionality that makes this space particularly challenging. The mobility challenge is particularly unusual because the workforce is constantly moving in and out of foundations, universities and hospitals.

How to Prepare for a DDoS Attack

Oct 24, 2016
“There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!” – Sneakers

New Release- Access Insight 9.2

Oct 19, 2016
Core Security is excited to announce our newest release - Access Insight 9.2! The most exciting part of this release is the added ability to support Segregation of Duties (SoD) which identifies conflicts between roles or entitlements within an organization. Access Insight 9.2 now supports setting up SoD policies for roles and entitlements to allow users to create policies in the Manage Policy page to set up SoD Roles and SoD Entitlement Policies.

Core Impact Pro 2016 R1.2 Now Available

Oct 17, 2016
We are pleased to announce the official release of Core Impact Pro 2016 R1.2. More than 46 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements.

How to Increase Password Security with Mobile Reset

Oct 5, 2016
Ineffective password management can be a significant burden to most organizations, resulting in increased costs and security risks. In order to ensure the security of your network, you set rules around password creation including the use of characters, symbols, minimum lengths and more. You’ve restricted the use of old passwords and instituted a process for the passwords to be changed at regular intervals. While these tactics are helpful for keeping passwords safe, they often lead to users forgetting their passwords and/or getting locked out of the applications that they need.

Securing Access in an Always-Connected World

Sep 28, 2016
How many devices do you have within your reach right now? How many emails did you answer on your cell phone, work or personal, after you got home last night? Did you watch the debate this week? How? For the first time there were live streaming versions of the debate on television, Facebook, Twitter, and on the websites of too many media outlets to count.

10 Reasons to Pen-Test Your Network

Sep 12, 2016
Are you using penetration testing in your cyber-security tool kit? Why not?! Penetration testing, or pen-testing, is one of the most important tools to not only find the holes in your network but to prioritize them for remediation. Keep reading for the 10 reasons you should be pen-testing.

How to Pen Test Against Orphaned and Privileged Accounts

Sep 5, 2016
The more pen-tests I do, the more I see that despite how every organization claims that they’re different, I see the same commonalities with how things are being managed inside the network. One of those commonalities that I see tends to vastly improve my odds of persistence and avoiding detection: how an organization handles orphaned accounts and service accounts.

Thoughts from Black Hat and Defcon

Aug 16, 2016
Getting home from what we affectionately call Security Summer Camp is almost as much of an adventure as attending the conferences. Getting caught in the Deltapocalypse on the way home just added to the fun. If you want a real challenge, try seeing your way onto earlier flights during a system-wide meltdown of a major legacy carrier.

The New Rules of Penetration Testing

Aug 8, 2016
In the past, penetration testing was a fancy name for breaking through a network firewall. However, as technology advances and breaches become even more dangerous – costing an average of £2.53 million, according to research sponsored by IBM – security executives need to revisit pen testing to make sure it is an ongoing practice in their defense arsenals.

How to Spot High Risk Accounts in Your Organization

Aug 3, 2016
The Danger of Stolen or Misused Credentials: According to the Verizon Data Breach Report, over 80% of breaches were due to stolen or misused credentials. This shows us that our access credentials are more valuable than ever, which means that being able to locate our high-risk access accounts has become more important than ever. Do you know who has the administrative privileges to your key applications, networks, servers, or even email programs? When you are working in a small company with only a handful of employees, this information can be easily tracked.

5 Embarrassing Mistakes Found in Penetration Tests

Aug 1, 2016
As you heard from Bobby last week, it is that special time of the year, Black Hat, when all of our friends are gathered together in Vegas to see just what hacks, exploits, tips and tricks there are for us to be concerned about. As a cyber-security specialist, it’s the most wonderful time of the year. However, for consumers and business owners, it is the reminder that what you thought was safely tucked away is actually only a moment away from being breached. On the heels of the Democratic Party’s email breach and the proliferation of hacking in mainstream media with Mr.

What is Privileged Account Management?

Jul 27, 2016
Day after day we see the evidence of an increased number of breaches (e.g., the DNC email hack), and as a Privileged Account Management (PAM) provider, we are seeing a similar increase in requests for proposals on our Powertech BoKS solution. Don’t get me wrong, I’m not complaining. But what I think is the most interesting is the number of people who write in and say “I’m not even sure what my privileged accounts are, how can I manage them?”

Core Impact 2016 Pro R1.1 Now Available

Jul 26, 2016
We are pleased to announce the official release of Core Impact Pro 2016 R1.1. More than 83 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements. This release includes:

What Does 'Privileged Account' Really Mean?

Jul 6, 2016
Privileged access has become a hot topic recently. For the first time ever, the Verizon Data Breach Investigations Report actually included privileged access as its own section in the report with some not so surprising results. Below are a couple of interesting takeaways from the report:

6 Realities for Effectively Managing Privileged Accounts

Jun 29, 2016
Big or small, every organization has accounts that hold ‘keys to the kingdom’ credentials. Almost every account holds some level of privilege that can potentially be compromised, resulting in not only financial, but reputational damage.

4 Steps to a Winning Vulnerability Management Program

Jun 15, 2016
Many winning vulnerability management programs have evolved to include additional solutions and workflows beyond scanning, adding to the larger picture required to truly understand how an adversary could and will attack. Here are a few best practices to keep in mind when maturing your own vulnerability management program:

8 Tips for Penetration Testing

May 23, 2016
You think that you're safe, that your network is secure, that your firewalls are protecting you...but how will you know if you don't test it?

What's New in Access Insight 9.0?

May 2, 2016
Businesses in all industries need to manage the exploding universe of identities, devices and data employees require to do their jobs. To help make sense of the trillions of relationships, today Courion releases Access Insight 9.0. Access Insight identifies the risk associated with any misalignment between users and their access within your organization and drives provisioning and governance controls to manage that risk.

Guest Post- Alex Naveira, Director, ITGA & CISO on Compliance

Apr 20, 2016

What does “Compliance” mean to a Healthcare CISO?

Apr 13, 2016
The role of the healthcare CISO has expanded exponentially since the HITECH Act of 2009. CISOs were traditionally charged with the responsibility to maintain the IT environment consisting of applications and infrastructure. Today they are taking on an expanded organizational role consisting of innovation, operational responsibility and compliance. Although the governance for compliance consists of a village when it comes to leadership and stakeholders, CISOs still remain at the center of the universe. A multitude of federal and state regulations are at the CISO’s doorstep and pressing

What is Intelligent Identity and Access Management?

Jan 21, 2016
What is Intelligent IAM? Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance solutions but also from security products and other external systems.

Interview with a Healthcare Security Expert: William "Buddy" Gillespie, HCISPP

Jan 13, 2016
In November we started a wonderful webinar series with industry leader William "Buddy" Gillespie, HCISPP and we introduced that series with a sit down interview. Yesterday, we concluded the series with a webinar titled "Healthcare 2020: Focus on the Future". While the webinar series may be over, our partnership with Buddy will continue and we would like to continue to showcase his knowledge through another sit down interview. Here's what Buddy had to say about the future of Healthcare IT.

Navigating Your Vulnerability Management Program

Nov 18, 2015
OK, I admit it. I use GPS to navigate some routes I’ve driven at least a hundred times. It’s a relief to hear that robotic voice helping me with every single turn on my way home. Here at Core, we asked: how can we make the vulnerability management journey easier for organizations to traverse to reduce the risk of a potential security breach? Ah, yes, a roadmap of sorts to follow to ensure a successful program!