Beware: CryptoWall 4.0 is on the loose!

red-bricks-wall-animal

Vulnerabilities and threats are a lot like popularity contests in terms of how they get viewed by the media. The latest threat that’s getting extremely popular— some might even say #winning — is ransomware. It’s a type of malware that encrypts a victim’s files and subsequently demands a ransom in exchange for the key that […]

Continue Reading →

How to track unstructured data KPIs for the C-level

kpis

DatAdvantage has built-in reports to help track key metrics, in order to protect your data from overexposure and protect sensitive files. These KPI reports provide immediate and long-term benefits, allowing you to track and maintain the status of any change or remediation effort, maintain the stability of existing unstructured repositories, and identify, and remediate anomalies before they […]

Continue Reading →

Living Off the IT Land With Malware-Less Hacking

wood-nature-sun-forest-large

We’ve been lately hearing more about the trend in malware-free attacks. At RSA 2015, it was a topic of conversation by security pros. Ed Skoudis told us about it as well in our interview. And Dell SecureWorks has been on the case with what they refer to as hackers’ “living off the land”. Ultimate Stealth We […]

Continue Reading →

Penetration Testing Explained, Part IV: Making the Lateral Move

800px-2006_09_09_Ohio_State_vs_Texas

You can think about the post-exploitation part of penetration testing as an army or rebel force living off the land. You’re scrounging around the victim’s website using what’s available — shells, networking utilities, berries, poorly protected password files, etc. Kidding about the berries, but the idea is to import as little malware as possible and […]

Continue Reading →

Today I Learned: How to exfiltrate files from a machine via DNS

cute-cuddly-toy-cartoon-costume

Each week, we’ll bring you the latest news on exploits, protecting your perimeter and keeping your data secure. Informative. Entertaining. Best of all, each post is like an energy bar for IT! It’ll take you less than 2 minutes to read. Enjoy! Computers compromised by malware are like a man dressed in a panda suit. In […]

Continue Reading →

Basic Powershell: Get-Command, Get-Help, Get-Member

powershell2

In this post we’re going to learn three very useful cmdlets: get-command, get-help, and get-member. This very basic foundation language will eventually empower us execute task-based cmdlets. By the way, PowerShell is fundamentally case insensitive. There are instances when you’ll need to pay attention to how you type them, like with Active Directory Services Interface, so we’ll cover […]

Continue Reading →

EU and US’s Shift to Borderless Data Security Law: Threat to the Internet?

allen_brandt

By now, most people in the industry have heard about the upcoming changes to the European data protection rules in moving beyond the 1995 Directive. In the current environment, each member state enacts local rules to comply with the overall Directive. But with the new Data Protection Regulation (DPR) , the rules are set by […]

Continue Reading →

[INFOGRAPHIC] How to Create a Diversity & Inclusion Program

diversity

“You should not be doing diversity for diversity sake,” says Allison F. Avery, a Senior Organizational Development & Diversity Excellence Specialist at NYU Langone Medical Center. In my recent interview with Ms. Avery, Infosec Can Implement Diversity & Inclusion Programs to Address Workforce Shortage and Make More Money Too, she clarified common misconceptions about Diversity […]

Continue Reading →

Complying with Canada’s Personal Information Protection and Electronics Documents Act (PIPEDA)

pipeda

While in the US we’re still struggling with a national data security law, our northern neighbor has had uniform rules since 2000. It’s the law of the land in Canada for private companies to have security safeguards in place to protect personal information and to limit the retention of data. It’s a Privacy by Design […]

Continue Reading →

How Infosec Can Implement Diversity & Inclusion Programs to Address Workforce Shortage and Make More Money Too

allison-avery-diversity

Data breaches keep on happening, information security professionals are in demand more than ever. Did you know  that there is currently a shortage of one million infosec pros worldwide? But the solution to this “man-power” shortage may be right in front of and around us. Many believe we can find more qualified workers by investing […]

Continue Reading →