Can Our Crystal Ball Hack It? 2017 Varonis Cybersecurity Predictions

Everyone makes predictions at this time of year, but who looks back to check on their accuracy? Let’s have a look at some of last year’s omens before directing our forecast lens to 2017. Our first prediction for 2016: The U.S. Presidential campaign will be affected by a cyber attack. We were on to something […]

Is Security a Benefit or a Feature?

I recently came across a tweet that was shared during the Infosecurity Magazine Conference in Boston: “Security is a benefit, but not always a feature.” The reason? You can spend a lot of money and still be hacked or not spend a dime and not be hacked. How did the Inside Out Security Show panel […]

Pen Testing Active Directory Environments, Part III: Chasing Power Users

For those joining late, I’m currently pen testing the mythical Acme company, now made famous by a previous pen testing engagement (and immortalized in this free ebook). This time around I’m using two very powerful tools, PowerView and crackmapexec, in my post-exploitation journey into Acme’s IT. Before we get into more of the details of […]

Internet Security Basics: How to Protect Yourself Online

It’s the holidays, which means one thing if you’re in IT: dealing with eggnog-related support tickets. It’s hard to get excited about a small holiday light display that comes around once a year when you spend weeks at a time in a large frosty room, sporting thousands of machines with dozens of flashing LEDs […]

Password Expert Per Thorsheim on Biometrics and Keystroke Dynamics

Based in Norway, Per Thorsheim is an independent security adviser for governments as well as organizations worldwide. He is also the founder of PasswordsCon.org, an annual conference that’s all about passwords, PIN codes, and authentication. Launched in 2010, the conference invites security professionals & academic researchers to better understand and improve security. In part one of our discussion with […]

New Mirai Attacks, But It’s Still About Passwords

Last week, Mirai-like wormware made the news again with attacks on ISPs in the UK. Specifically, customers of TalkTalk and PostOffice reported Internet outages. As with the last Mirai incident involving consumer cameras, this one also took advantage of an exposed router port. And by an amazing coincidence, some of the overall points about these […]

A Technologist’s Hippocratic Oath

Last month, there was a thought-provoking article on programmers who were asked to do unethical work on the job. We often talk about balancing security with precaution and paranoia, but I wondered about the balance of ethics and execution. As always, I was curious to hear the reactions from the Inside Out Security Show panel […]

Password Expert Per Thorsheim On Life After Two-Factor Authentication

Based in Norway, Per Thorsheim is an independent security adviser for governments as well as organizations worldwide. He is also the founder of PasswordsCon.org, an annual conference that’s all about passwords, PIN codes, and authentication. Launched in 2010, the conference invites security professionals & academic researchers to better understand and improve security. In part one of […]

Pen Testing Active Directory Environments, Part II: Getting Stuff Done With PowerView

In my last post, I began discussing how valuable pen testing and risk assessments can be done by just gathering information from Active Directory. I also introduced PowerView, which is a relatively new tool for helping pen testers and “red teamers” explore offensive Active Directory techniques. To get more background on how hackers have been […]

Why UBA Will Catch the Zero-Day Ransomware Attacks (That Endpoint Protection Can’t)

Ransomware attacks have become a major security threat. It feels like each week a new variant is announced – Ransom32, 7ev3n. This malware may even be involved in the next big breach. New variants such as Chimera threaten to not just ransom your data, but also leak it online if you don’t pay up. These cyber […]

Life of an IT Pro

Like many in IT, you can probably commiserate with this week’s Inside Out Security Show panel – Mike Buckbee and Alan Cizenski – on elaborating when someone asks you, “What Do You Do for a Living?” Whether you’re a programmer or a sysadmin, the scope of your role is often multi-faceted and complex. In this […]
