Multi-Factor Authentication is the New Standard The use of a password for authentication is technically referred to as single factor authentication. The fact is that anything beyond a game site or online news source should be protected by more than just single factor authentication. In the hyper-connected world in which we live in today, it […]
A new variant of ransomware is spreading via poorly secured websites and the Chrome Web Browser. Users are fooled into downloading what they think is a missing font pack in order to resolve the error. This attack technique is not uncommon, and has been recently reported delivering click-fraud malware, and now, ransomware. Click-fraud malware is […]
Social media seems harmless enough especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The attack is completely outside of your […]
As threat technology rapidly advances, hackers and threat actors leverage all the means at their disposal to deliver malware and compromise your systems and information. To expose these threat actors, a lot of organizations rely heavily on experts in the cyber security field to perform penetration tests and compromise assessments.
By Todd Hacke Tax season is a hectic time of year for not only organizations but their employees. This year attackers are looking to take advantage of this turbulence with a simple social engineering inquiry that could land them a gold mine of personal and financial information. It turns out all they have to do […]
By Morgan Rickel PMP, QSA If you are a merchant considering the implementation of a mobile payment acceptance solution, or if you are currently using one, the Payment Card Industry Security Standards Council (PCI SSC) has determined that one of the major risk factors in validating mobile payment acceptance applications with the Payment Application Data […]
By Todd Hacke The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play? While having a full incident response plan, a trained response team, and well-placed […]
Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration […]
Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being taken seriously.
The use of social media like Twitter, Facebook, Instagram, Tumblr, Google Plus, LinkedIn and others have been steadily growing. It is used not only between individuals connecting with their “tweeps,” but also for businesses connecting with their customers, and even politicians with their constituents. Social media platforms have become a forum for sharing all manner […]