If Time is Money, Documentation is an Investment That Pays Dividends
Considering the complexity of modern computing systems, and the ongoing merge between compliance, security, and IT management, documentation has become more important than ever. With the number of servers, desktops, routers, switches, printers, and security devices required for a business to thrive always increasing, modern networks are a complex and sometimes confusing environment. The speed at which these network environments change and grow is often hard to keep up with. Therefore, proper documentation of your network is very important.
Read More
How a Malware Incident Can Affect Your HIPAA Compliance
For organizations under obligations to meet HIPAA compliance, a malware attack can have fallout far beyond simply losing access to your systems. Leveraging new attack methodology, cyber criminals can expose, exfiltrate, and even publish patient data, adding the impact of HIPAA noncompliance to their list of risks.
Read More
Applications As a Threat Vector in the Cannabis Industry
Investors who have stakes in 3rd party application vendor companies, as well as cannabis businesses looking to implement them, need to be aware of the serious security risks that need to be mitigated in order to protect profits and avoid security incidents that could lead to fines or even legal liability lawsuits.
Read More
Hafnium & SolarWinds Attacks Are a Wakeup Call for Corporate America
The recent Hafnium and SolarWinds attacks seem to have opened the eyes of many business leaders in corporate America to the true potential impact of cyber attacks, crossing public and private boundaries alike. Many corporations have viewed their internal cybersecurity needs as just another part of the competitive landscape–every man for himself, so to speak. Recent attack trends prove that this age is long-gone, however, and it’s time to reevaluate how we define the US cyber ecosystem.
Read More
Active Directory: Your (Attacker’s) Best Access Tool
If you want IT efficiency and have a sizeable team, you are probably using Microsoft Active Directory. However, if not managed properly, this essential part of your infrastructure can become a serious risk. The fact is, access management and, more specifically, Active Directory management is a challenge for nearly every organization today.
Read More
True Digital and the Holy FAIL - Hacking APIs
After talking with a few developers and admins over the past couple of years, it's become clear that most devs/admins don't realize that these APIs can be accessed just as easily as the webapp itself. Many admins were under the impression that the API is accessible only through the internal network, as a backend endpoint. It often surprises them that we're able to not only access the API, but also to ransack it and download TONS of data about clients/users/PII/PHI/etc.
Read More
The Hafnium Exchange Hack: Identify the Signs & Mitigate Risk
There has been a flood of articles and directives coming from the most recent Microsoft Exchange Server exploits. To help you navigate advice on what steps are most important for you to take, I have endeavored here to assemble the key links and details you will need to know to help you–
Read More
I Do Not Think You Need What You Think You Need.
It is a fairly common occurrence that organizations approach us unsure what type of security testing they need because a particular security framework, best practice, or compliance requirement states they need quarterly scanning or a penetration test. While these security frameworks serve an important purpose of ensuring a standard set of expectations and requirements for organizations, the language surrounding various technical controls or Security Testing Services can be confusing, generic, or all sound very similar to one another.
Read More
Wasted Security Resources Part II: Why Adding Microsoft’s Advanced Threat Protection Makes Sense for Most of Us
Many organizations that use Microsoft’s O365 platform for email and collaboration do not utilize the Advance Threat Protection (ATP) that is built-in. Yes, unless your company has purchased the 365 Business Premium or E5 and higher license, the ATP will need to be purchased as an add-on, and the reason many opt out of the ATP is due to the associated cost per user to enable this feature. However, in many cases, adding this to your licensing will save you from having to spend more money to lock down endpoints with other technologies, not to mention the time to vet, configure, integrate, and roll those technologies out.
Read More
Securing Your 2021 Remote Workforce with Microsoft Defender
With the advent of the Covid-19 pandemic, Microsoft increased the push for its non-enterprise business Malware Security solution, marketing it as the product to protect assets as companies have their employees work from home.
Read More