Security News

Security News2018-05-30T15:32:31+00:00
2604, 2018

50 Shades of Administration – Managing Domain Admin Privileges

By |April 26th, 2018|Categories: Information Security News|

50 Shades of Administration During our work, both our auditors and engineers have noticed a common issue our clients large and small have – overly permissive administration accounts.  Many times, we see all IT users given a Domain Admin account, from the greenest helpdesk tech, to the person overseeing the network.  Microsoft’s Active Directory has a couple of different ways to grant rights to a user, group, or organizational [...]

2203, 2018

New Easy Password Standards? Not so Fast!

By |March 22nd, 2018|Categories: Information Security News|

Passwords… it's no secret; most of us are really bad at creating and maintaining passwords. In fact, 81% of hacking related breaches leveraged either stolen or weak passwords. But unfortunately, passwords won't go away any time soon. Almost every resource, application, web site, and the like requires some form of username and password. Because of this, it's no surprise that almost all of us struggle to follow recommended password [...]

803, 2018

Mimikatz – How it is Used to Exploit your Network

By |March 8th, 2018|Categories: Information Security News|

Bad Kitty How Mimikatz is used to exploit your network and what you can do about it. For this blog post I wanted to highlight a common attack vector that we often use in our penetration testing. My goal is to run through the process at a high level, and then cover some of the steps you can take to mitigate your risk. Specifically, this post will cover a [...]

2202, 2018

Saying Goodbye to NetBIOS

By |February 22nd, 2018|Categories: Information Security News|

NetBIOS (Network Basic Input/Output System) was created in the early 1980's, but is surprisingly still alive and well on many networks today. Microsoft Windows still uses it for its name resolution function (often by default), when DNS is not available. Network resiliency and access to resources is a good thing, but keeping NetBIOS enabled for that reason, is not. There are many security concerns with NetBIOS; and disabling its [...]

2812, 2017

5 Top Laptop Security Tips

By |December 28th, 2017|Categories: Information Security News|

Today's mobile workforce has generated the awareness and subsequent need for mobile security like never before. As data growth increases, the requirements set forth in new laws and regulations also demand that organizations demonstrate due-care in protecting sensitive customer data. Meanwhile, the ever-increasing amount of sensitive data continues to find its way onto laptops and adds additional threats to these devices. Because of these threats, organizations should follow a [...]

1210, 2016

Penetration Test and the Vulnerability Assessment

By |October 12th, 2016|Categories: Information Security News|

Penetration Test vs the Vulnerability Assessment Some say Potato, some say Patato. The term "Penetration Test" has been thrown around a lot in the Information Security industry. Some vendors and institutions use the term Penetration Test interchangeably with "Vulnerability Scan" (or Assessment), when in fact, the two define very different scopes, methodologies, and deliverables. The recently updated FFIEC Information Security Booklet discusses these types of tests and offers definitions [...]

Load More Posts

“Easy to work with, have contact and communication with. Jeremy was always in contact and willing to discuss/explain things!”

— EN $150M FI in Northeast

Keep your institution off the evening news. Contact us today!