search
top

Attending the BCAware Security Conference


Meeting Brian Krebs at the BCAware Conference

One of the most exciting parts of the BCAware conference was getting to meet Brian Krebs live in person!

During his talk he shared some interesting topics such as how cyber criminals are using websites similar to https://haveibeenpwned.com/  

Except, that these “other” websites will actually list out the users leaked password(s) in plaintext. And, with this method attackers can now attack various social media, banking and other commonly used services online to possibly find valid emails/passwords to accounts.

Another topic was related to how cyber criminals determine how much money to ask for during a ransomware attack. The typical amount seems to point at about 10% of total revenue a business makes from the previous year. This way, they do not ask for too much or too little. It gets close to an amount that the organization can afford, and finds would be cheaper than to recover from backups or rebuilding the environment.

Read The Full Post

Recover Keys – Part 2 – Scanning Devices on the Network

In this Part 2 review of Recover Keys, we will look at how we can scan machines via the network. For most users, I don’t believe this option will be used too often. The average home user that purchase a license for personal use could just uninstall and install the tool on each machine they want to grab license keys off of, or buy a license for multiple machines.

For larger organizations this tool is excellent as it can be installed in one location on a single machine. You also get the ability of being able to extract the license keys via the network, which makes this tool much more efficient and valuable. At the end of the day it is all about saving and making the best use of time.

If you haven’t read Part 1 of using Recover Keys (scanning a local machines) you can check it out here: https://www.stealthbay.com/recover-keys-part-1-scanning-a-local-machine/

Read more Of This Post

Passing the GCIH Exam

I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.

New SANS GIAC changes to exams

One thing that was particularly new for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS with GIAC now has added a section that tests your knowledge through a virtual lab. Now, I have to say I think it’s actually pretty awesome! It puts your real world skills to the test to see if you can actually can apply needed practical skills. It also gives companies assurance that their employees are also getting and being tested on real hands on work and not just theory based topics.

Read more Of This Post

Google Data Self Destruct

Google Loves Your Data

Google has been following people around for ages. I always point out to people the fact that they state how they would use Google for everything. Whether it’s for using email, spreadsheets, google drive for file storage, chrome as a browser etc… Yet, none of them ever questioned how Google is not charging them for these services? Let’s face it, no company can provide free services, and yet eat up expenses for too long. When I tell people the fact that Google indeed profits off the data from each user. That is truly when people start to realize, and even question that they may be sharing more than they want with Google.

What do I think about Google keeping tabs?

Read more About This Post

Equifax Breach Lessons Learned

Equifax Breach Lessons Learned

After reading the Equifax breach report released by U.S. House of Representatives Committee on Oversight and Government Reform. This would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will lead to a wake up call for other companies in order to better their own information security. 

 

Security Representative on the Core team

It’s highly important to have someone that understands information security on your core team. Many times, the task gets pushed to the Legal or IT team core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone that understand security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However, Read The Full Post

« Previous Entries

top
Secured By miniOrange