Introducing the Cyber Handyman
If you’re a homeowner like me, hopefully you have a few basic around-the-house skills – changing a light bulb, fixing a loose door handle, unclogging a shower drain, making sure the deadbolts lock properly. I run into a new issue every week it seems. If you’re fortunate, there’s at least one… Read More
Simple Workplace Mistakes You Make That Help Social Engineers
It’s no secret that people are often the weakest link in the cyber security chain. More than 50 percent of security breaches are due to human error. But is it as simple as pointing to gross carelessness or negligence for these mistakes? Oftentimes basic human nature can be exploited by social engineers who are skilled and opportunistic…. Read More
10 Steps for Establishing an Effective Insider Threat Program
Insider threats continue to be a concern for organizations. New research conducted by Crowd Research Partners, in coordination with the LinkedIn Information Security Group, reveals that 74 percent of organizations feel vulnerable to insider threats, while 54 percent of security professionals say insider threats are more common overall. Part of the problem is that most organizations… Read More
How Our Pen Testers Get Through Your Mail Appliances
For the final blog post in our series on lessons learned from 2016 security assessments, we’ll discuss a high-risk issue our penetration testers and consultants often come across: filtering malicious emails. In our assessments, sending phishing emails with malicious payloads or links is the most common method we use to get initial access to a network…. Read More
The Impact of Bank Data Breaches on Customer Loyalty and Retention
There’s no doubt that bank data breaches cost businesses money, but there are costs associated with breaches that add up beyond a round dollar figure. Most studies that calculate the costs from breaches focus on short-term quantifiable costs such as discovering and mitigating the breach and recovering assets. But the long-term, indirect breach costs — costs such as hits to… Read More
Inside Kerberoasting: Cracking Weak Network Service Account Passwords
In our previous blog posts, we demonstrated how important it is for penetration testers to get credentials that grant administrative access over hosts within the organization to escalate their permissions. This week, we will discuss a relatively recent privilege escalation technique known as Kerberoasting, which pen testers and malicious hackers can use to crack weak network service account… Read More