Cyber Security Awareness and Vulnerabilities Blog
Jul 26, 2016
We are pleased to announce the official release of Core Impact Pro 2016 R1.1. More than 83 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements. This release includes:
Jul 6, 2016
Privileged access has become a hot topic recently. For the first time ever, the Verizon Data Breach Investigations Report actually included privileged access as its own section in the report with some not so surprising results. Below are a couple of interesting takeaways from the report:
Jun 29, 2016
Big or small, every organization has accounts that hold ‘keys to the kingdom’ credentials. Almost every account holds some level of privilege that can potentially be compromised, resulting in not only financial, but reputational damage.
Jun 15, 2016
Many winning vulnerability management programs have evolved to include additional solutions and workflows, beyond scanning, adding to a larger picture required to truly understand how an adversary could and will attack. Here are a few best practices to keep in mind when maturing your own vulnerability management program:
May 23, 2016
You think that you're safe, that your network is secure, that your firewalls are protecting you...but how will you know if you don't test it?
May 2, 2016
Businesses in all industries need to manage the exploding universe of identities, devices and data employees require to do their jobs. To help make sense of the trillions of relationships, today Courion releases Access Insight 9.0. Access Insight identifies the risk associated with any misalignment between users and their access within your organization and drives provisioning and governance controls to manage that risk.
Apr 20, 2016
Guest Post - Alex Naveira, Director, ITGA & CISO on Compliance
Apr 13, 2016
The role of the healthcare CISO has expanded exponentially since the HITECH Act of 2009. CISOs were traditionally charged with the responsibility to maintain the IT environment consisting of applications and infrastructure. Today they are taking on an expanded organizational role consisting of innovation, operational responsibility and compliance. Although the governance for compliancy consists of a village when it comes to leadership and stakeholders, CISOs still remain at the center of the universe. A multitude of federal and state regulations are at the CISO’s doorstep and pressing
Jan 21, 2016
What is Intelligent IAM? Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance solutions but also from security products and other external systems.
Jan 13, 2016
In November we started a wonderful webinar series with industry leader William "Buddy" Gillespie, HCISPP, and we introduced that series with a sit-down interview. Yesterday, we concluded the series with a webinar titled "Healthcare 2020: Focus on the Future". While the webinar series may be over, our partnership with Buddy will continue and we would like to continue to showcase his knowledge through another sit-down interview. Here's what Buddy had to say about the future of Healthcare IT.
Nov 18, 2015
OK, I admit it. I use GPS to navigate some routes I’ve driven at least a hundred times. It’s a relief to hear that robotic voice helping me with every single turn on my way home. Here at Core, we asked: how can we make the vulnerability management journey easier for organizations to traverse to reduce the risk of a potential security breach? Ah, yes, a roadmap of sorts to follow to ensure a successful program!
Oct 21, 2014
Where Do You Stand?
Mar 20, 2013
Why Audit Passwords? Harriet Beecher Stowe is credited with the quote "Human nature is above all things lazy" - while I prefer to think of myself as 'efficient' rather than lazy I think the principle is sound. When faced with the choice of executing a task in a difficult or simple way (with no difference in the outcome) then people will naturally choose the simple way. This leaves more physical and mental resources available for the truly challenging things in life.
Feb 11, 2013
Flavio De Cristofaro, who used to run our Security Consulting Services (SCS) group and is a longtime password cracking enthusiast, was recently asked to present at AppSecLatam2012 on Lessons Learned from Recent Password Leaks. The following is his analysis on the exponential nature of password cracking costs.
Aug 12, 2012
When my mother emails to ask if she should be worried about the Java vulnerability she saw on the news, you know a security issue has gone mainstream. And it seems you cannot be a security company without having a blog warning of the dangers presented by the Java exploit – and while it is important that users make sure they are protected against this danger, I wanted to take a step back and make some observations around all of this noise.
Jul 24, 2009
Core Security has more going on at Black Hat USA in 2009 than ever before, with the concept of helping customers improve their overall security standing at the center of everything we plan to do.