Category Archives: Penetration Testing
Popular Cyber Attacks: Why Due Care is so Important for Reasonable Security
Popular Cyber Attacks and Due Care for Reasonable Security. As children, we enjoyed reading the many fairytales that began with, “Once upon a time.” As adults in the workplace, we regrettably read the stories of so many recent cyber attacks that start with, “Someone opened a phishing email.”
Why Penetration Testing Is Critically Important
Penetration Testing: How Breaking Security Helps Bolster Defense
Your Employees are Targets. Social Engineering is Increasing.
Even with advanced technology and security, your data is still at risk. Studies indicate that hackers are focusing on your teams to gain access to your networks and information. Social engineering is on the rise. This is a method of manipulating your teams into performing actions that give an unauthorized person access to your systems and data.
SecureXII – 12th Annual ISSA and ISACA Chicago Chapters Security Conference and Networking Cruise
The 12th Annual ISSA and ISACA Chicago Chapters Security Conference and Networking Cruise – HALOCK was a proud attendee and sponsor at the educational and networking event. It was wonderful to connect with infosec leaders in the Chicagoland area. We hope to meet more at future events.
Infosec Poster: Payload
Prevent hackers from hitting the PAYLOAD with these cyber security awareness tips.
What are Smishing Attacks and why are they Increasing?
Two things are inherently true when it comes to cyber criminals. The first is that they follow the money. This is why ransomware grew to a billion-dollar business overnight. The second is that, like water, their efforts flow towards the path of least resistance. Cyber criminals are like many people: they go for the easy money. Phishing has been the dominant delivery method for malware and cyber attacks for a number of years now. However, phishing is not as easy as it used to be. Spam filters and email gateways now react quickly in shutting down a malicious email domain. Email security technology is now using analytics to more accurately identify behavior abnormalities and possible email threats. Even users are growing more guarded when opening emails and are becoming more astute at identifying suspicious links and attachments. We have a long way to go of course, but it is getting better.
NEW BOTNET DISCOVERED CALLED JENX
Another day, another cyber threat discovered. Last week the world was introduced to yet another cyber menace referred to as Jen-X. No, not Generation-X, JenX, a new botnet that offers DDoS attacks for hire. Dubbed JenX, the new botnet is recruiting IoT devices and is marketing its wares over the Internet, openly offering up to 300Gbps attacks for as little as $20. Attacks of the advertised size are capable of disrupting organizations that lack the tools to combat DDoS attacks. The front of the operation is a gaming server rental business that operates under the domain name sancalvicie.com. Behind the scenes of this seemingly innocent gaming site is the command and control server, located at skids.sancalvicie.com, that manages the devices within the botnet. The DDoS service is listed as a rental offering on the website called Corriente Divina.
8 Things to Help Make This Year’s Penetration Testing a Success
8 Things to Help Make This Year’s Penetration Testing a Success – From a macro point of view, 2017 was a rough year when it comes to cyber security. As spring turned into summer last year, we watched the WannaCry and NotPetya malware spread across the globe, creating lost productivity that negatively affected both quarterly earnings and stock prices, costing some companies billions.
VULNERABILITY N+1
VULNERABILITY N+1. AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the Top 40 countdown for generations when it came to the hottest songs on the radio. Every New Year’s Eve we anticipate the unveiling of the Top X of all types of erroneous information concerning the past year. David Letterman made a living with a nightly “Top 10 Reasons” segment of his show. Lists are concise, abbreviated, and fun. It’s no wonder that this adoration for lists is carried into how we approach cyber security. Every three years or so, we look for the unveiling of the OWASP Top 10 Most Critical Application Security Risks because it compiles all those nasty potential risks and vulnerabilities into one simple list.