Cyber Security Awareness and Vulnerabilities Blog

When conducting a penetration test, most testers will develop some type of process, and repeat that same process on every engagement. As I think through the basics of penetration testing, I believe that process can be broken up into six steps. They are: Information…

Here is the summary of all exploits released since April 2nd, the last Dot Release: 16 Updates overall: 9 Remote exploits, 4 Client-Side exploits, 3 Product updates. Here is the list of published updates: Remote Exploits: Disk Pulse Enterprise GET Buffer Overflow Exploit; Disk Savvy Enterprise Buffer Overflow Exploit; DiskBoss Enterprise Buffer…

Identity Governance & Administration (IGA) is commonly defined as “the policy-based centralized orchestration of user identity management and access control. Identity governance helps support enterprise IT security and regulatory compliance.” Or put into simpler terms, it’s putting in place a solution to ensure…

Much like how I complain that I’m not losing weight - even though my treadmill has become a clothing rack - security only works if you use it. And, yes, I know I picked on the sales guys (and girls) in the title but,…

Today, we are thrilled to announce the next step in our Identity Governance and Administration journey, the release of Core Access Assurance Suite 9.1. While not a major release, AAS 9.1 includes updated UX and UI changes which show our continued commitment to visualizing…

It’s important for all organizations to periodically assess and test security vulnerabilities, to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Vulnerability assessments, penetration tests and Red Teams help you identify and prioritize security risks,…

The Impact 18.1 release last month brought a ton of streamlined enhancements and new capabilities to the client-side vector in general, and phishing in particular. To be clear on terms, I consider phishing to be inducing a target to follow a link presented…

When first reading this article, the thought of, “Well it’s about time, identity has a place at RSA” quickly came to mind. Even if you don’t agree with everything listed, some items mentioned are mere table stakes for a new way of thinking about…

Here is the summary for all of the exploits and updates shipped to Impact 18.1 since its release (on Feb 14th): 14 Updates overall: 3 Remote Exploits, 5 Client-Side Exploits, 3 Local exploits, 3 Product Updates. Here is the list of published updates: Remote Exploits: Symantec Messaging Gateway performRestore OS Command…

We all know that there are clear problems in the industry when it comes to role design and entitlement certification. Problems like: Lack of visibility: Most entitlements and user access logs are kept in spreadsheets, whether on their machine or in an online tool,…
