For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

What C-Levels Should Know about Data Security, Part I: SEC Gets Tough With ...

The Securities and Exchange Commission (SEC) warned companies back in 2011 that cyber incidents can be costly (lost revenue, litigation, reputational damage), and therefore may need to be reported to investors. Sure, there’s no specific legal requirements to tell investors about cybersecurity incidents, but public companies are required by the SEC to inform investors in their filings if there’s any news that may impact their investment decisions. Actual cyber incidents or even potential security weaknesses can…
Data Security
how to be an ethical hacker

What Does it Take to Be an Ethical Hacker?

What do you think of when you hear the term “hacker”? If you immediately envision a mysterious figure out to illegally access and compromise systems with the intent to wreak havoc or exploit information for personal gain, you’re not alone. While the term “hacker” was originally used within the security community to refer to someone skilled in computer programming and network security, it has since evolved to become synonymous with “cyber criminal,” a change in…
Data Security

Kerberos Attack: How to Stop Golden Tickets?

The Golden Ticket Attack, discovered by security researcher Benjamin Delpy, gives an attacker total and complete access to your entire domain. It’s a Golden Ticket (just like in Willy Wonka) to ALL of your computers, files, folders, and most importantly Domain Controllers (DC). There’s some instances where an attacker may have had a Golden Ticket for several years: there’s no telling what the attackers were able to steal. They got in through a single user’s…
Data Security

The Malware Hiding in Your Windows System32 Folder: Mshta, HTA, and Ransomw...

The LoL approach to hacking is a lot like the “travel light” philosophy for tourists. Don’t bring anything to your destination that you can’t find or inexpensively purchase once you’re there. The idea is to live like a native. So hackers don’t have to pack any extra software in their payload baggage to transfer external files: it’s already on the victim’s computer with regsrv32. As I pointed out last time, there’s the added benefit that…
Data Security

[Podcast] I’m Sean Campbell, Systems Engineer at Varonis, and This is How...

In April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer. Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis…
Data Security
office building lit up at night

The State of CryptoWall in 2018

CryptoWall and its variants are still favorite toys of the cybercriminals that want your Bitcoin. In fact, according to the 2018 Verizon Data Breach Investigation Report, ransomware incidents now make up about 40% of all reported malware incidents! Some reports say CryptoWall 3.0 has caused over 325 million dollars in damages since it first came on the scene. CryptoWall first appeared in the wild around 2014: since then, cybercriminals have updated and iterated on it…
Data Security

Best Practices for SharePoint Permissioning

SharePoint is Microsoft’s enterprise-class environment for sharing content: documents, presentations, spreadsheets, notes, images, and more. While SharePoint has many advantages over a raw file system in terms of content management, access to the content still has to be permissioned. SharePoint has its own permission types (view-only, limited access, read, contribute, and more) that can vary by the types of objects (lists, sites, etc.). For a complete list of all the SharePoint permissions and what they…
Data Security

What’s The Difference Between a Proxy and a VPN?

The Internet can be a scary place: we’re under near constant attack from ransomware and botnets – on work computers, personal devices, even smart home devices like thermostats and baby monitors. If you’re security conscious, you might be thinking about setting up a Virtual Private Network (VPN) or a proxy server. Proxy and VPN Defined Both VPNs and proxies enable a higher degree of privacy than you might otherwise have, allowing you to access the…
Data Security

The Malware Hiding in Your Windows System32 Folder: Intro to Regsvr32

In our epic series on Malware-Free Hacking, I wrote about techniques that let you use well-known Microsoft apps and tools to run evil custom scripts. This file-less hack-craft usually involves sneaking obfuscated VBA into Office documents. But there’s more file-less evil out there. For this new mini-series, I want to dive into something call LoL, for Living off the Land, in which hackers reuse less well-known Windows utilities to hide script payloads and cloak other activities.…
Data Security

What is a Proxy Server and How Does it Work?

The actual nuts and bolts of how the internet works is not something a people often stop to consider. The problem with that is the inherent danger of data security breaches and identity theft that come along with the cute dog pictures, 24 hour news updates, and great deals online. But what actually happens when you browse the web? You might be using a proxy server at your office, on a Virtual Private Network (VPN)…
Data Security
spear phishing hero

What is Spear Phishing?

According to the 2018 Verizon Data Breach Report, phishing and pretexting are the two favorite tactics employed in social engineering attacks, used in 98% and 93% of data breaches respectively. And last year, the IRS noted a 400% surge in spear phishing against CEOs. What is Spear Phishing? Spear phishing is a targeted attack where an attacker creates a fake narrative or impersonates a trusted person, in order steal credentials or information that they can…
Data Security
cybersecurity facts 2018

60 Must-Know Cybersecurity Statistics for 2018

Cybersecurity issues are becoming a day-to-day struggle for businesses. Trends show a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices. Additionally, recent research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data lass. We’ve compiled 60 cybersecurity statistics to give you a better idea of the current state of overall security, and paint…