Category Archives: Data Security

Koadic: Implants and Pen Testing Wisdom, Part III

One of the benefits of working with Koadic is that you too can try your hand at making enhancements. The Python environment with its nicely organized directory structures lends itself to being tweaked. And if you want to take the ultimate jump, you can add your own implants. The way to think about Koadic is that it’s a C2 server that lets you deliver JavaScript malware implants to the target and then interact with them from…

What is a Brute Force Attack?

A brute force attack (also known as brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one. 5% of confirmed data breach incidents in 2017 stemmed from brute force attacks. Brute force attacks are simple and reliable. Attackers let a computer do the work – trying different combinations of usernames and passwords, for example – until they find one that works. Catching and neutralizing…

What is ITAR Compliance? Definition and Regulations

The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML). Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”. ITAR mandates that access to physical…

The World’s Most Creative Data Centers: Infographic

Data centers are facilities used to house computer systems and associated components. They are vital to the daily operations of a network and are home to its most pivotal systems and equipment. Sound glamorous? Actually, it is. As data privacy becomes more and more important, data centers need to be placed in extraordinary locations in order to ensure maximum security. This need for security, coupled with the fact that data centers are required to be…

Threat Modeling: 6 Mistakes You’re Probably Making

Threat modeling is the new normal for modern cybersecurity teams. Predicting threats and testing all possible permutations of those threats and vulnerabilities is a difficult job. Companies spend hundreds of work hours to develop a comprehensive security strategy and the appropriate threat modeling to test, verify, and enhance the strategy over time. We will discuss mistakes security teams make while creating their threat models, along with strategies on how to use threat modeling as a…

5 Ways to Protect Active Directory with Varonis

The fastest way to break into someone’s network is through Active Directory (AD) – it’s the key to the entire kingdom. If you need access to any server, you need to ask AD for permission. Varonis monitors Active Directory to protect you from a myriad of cybersecurity threats. By combining knowledge of AD, file server activity, and perimeter telemetry, Varonis can detect threats in AD before they become full-blown data breaches. Technical note: Active Directory…

CryptoLocker: Everything You Need to Know

CryptoLocker is by now a well-known piece of malware that can be especially damaging for any data-driven organization. Once the code has been executed, it encrypts files on desktops and network shares and “holds them for ransom”, prompting any user that tries to open the file to pay a fee to decrypt them. For this reason, CryptoLocker and its variants have come to be known as “ransomware.” Malware like CryptoLocker can enter a protected…

8 Events That Changed Cybersecurity Forever

“Those who cannot remember the past are condemned to repeat it.” – George Santayana

The first computer virus was created in the early 1970s and was detected on ARPANET, the predecessor to the internet. In 1988 the first computer worm was distributed, gaining mass mainstream media attention. A quarter of a century later and viruses have evolved to become a pandemic. Viruses have proliferated quickly and malware has become more complex. Cyber attacks happen daily…

A Guide on the Data Lifecycle: Identifying Where Your Data is Vulnerable

Data is a company’s most valuable asset. To maintain data’s value, it’s vital to identify where that data is vulnerable. According to data and ethics expert Dr. Gemma Galdon Clavell, there are five major moments where data is most vulnerable: collection, storage, sharing, analysis, and deletion. These vulnerability points increase the risk of a data breach – and we’ve all heard about the costs of having one. Many of these vulnerability points are part of…

Cerber Ransomware: What You Need to Know

Cerber ransomware is ransomware-as-a-service (RaaS), which means that the attacker licenses Cerber ransomware over the internet and splits the ransom with the developer. For a 40% cut of the ransom, you can sign up as a Cerber affiliate and deliver all the Cerber ransomware you want. Most ransomware doesn’t use this service paradigm. Typically, an attacker would adapt and deliver the ransomware and keep all of the money. By setting up Cerber as RaaS the developer…

Varonis DatAlert and IBM QRadar

Varonis now integrates with the IBM QRadar Security Intelligence Platform, with the Varonis App for QRadar. The Varonis App for QRadar adds context and security analytics to simplify investigations, streamline threat detection, and build more context around security alerts and incidents. You can view Varonis alerts directly in IBM QRadar – and can drill down and investigate alerts in the Varonis Web UI for additional insight, accelerating security investigations. We correlate Varonis alerts with events collected by IBM QRadar,…