Tag: InfoSec Resources

Phishing technique: Message from the boss

Introduction Is it possible for you to ignore an email sent by your boss? Phishers believe that you probably would not, and this is the reason they are getting better at mimicking them. According to…

Virtualization-based sandbox malware

Introduction Sandboxing is well known for its ability to execute code safely without potential malicious effects afflicting a system. They are normally used when testing out how programs and…

MITRE ATT&CK: System shutdown/reboot

Introduction When system features are used against the system itself, attackers have a unique opportunity to use the in-built capabilities of a computer to make it do what they want. Everyone knows…

Phishing techniques: Clone phishing

Introduction Trust is an important part of any relationship and once it has been established, you can generally ignore any kind of vetting you have to do for the person. When you trust someone,…

Domain vs Workgroup accounts in Windows 10

Introduction Computers have been categorized by a variety of user accounts for years, with Windows systems being no exception. Having different types of accounts makes computer management easier for…

Bluetooth security in Windows 10

Introduction For a wireless technology standard formally established in the 1990s, Bluetooth has shown remarkable resilience and longevity. More than two decades later, we now have more…

The top 5 states for cybersecurity jobs

The rising demand for infosec jobs The demand for cybersecurity jobs hasn’t waned in the last decade. On the contrary, the talent gap has been widening. And given the growing magnitude of data…

Jackpotting malware

Introduction Jackpotting malware is not well known because it exclusively targets automated teller machines (ATMs). This means it usually doesn’t directly affect a large number of people. However,…

RS-232 and RS-485

Introduction RS-232 and RS-485 both belong to the serial interface family. A serial interface is a communication interface in which data is transmitted bit by bit. A high logical voltage is…

Maze ransomware

Introduction One of the many recurring themes in cybersecurity echoes one of the great mottos in life of “the only thing constant is change.” Ransomware is no exception to this rule, and this is best…

Single Sign-On in Windows 10

Introduction They say that simplicity is key in life and this could not apply to anything more than it does to user authentication. Imagine being able to securely use one set of login credentials for…

MITRE ATT&CK: Credential dumping

Introduction When attackers have established a foothold in a system, one of their primary objectives is typically to find user (or otherwise privileged) credentials — usernames and passwords….

Malware spotlight: Tarmac

Introduction Many people wrongly believe that Mac computers are unable to get viruses. This belief is far from true. nVir, the first virus targeting Macintosh computers, appeared in 1987 and remained…

Cyber Work Podcast: Getting started in Red Teaming

Introduction In this episode of Infosec’s cybersecurity podcast series Cyber Work, host Chris Sienko talks with Curtis Brazzell, managing security consultant at Pondurance, a managed detection and…

Connecting to secure wireless networks in Windows 10

Introduction Though they offer undeniable benefits of mobility, cost and convenience, wireless networks are less desirable from a security perspective. There is always a risk that signals can get…

North America’s top IT security conferences in 2020

Introduction: Why attend conferences? This year will bring plenty of opportunities for professionals to attend conferences, getting them exposed to new products and tools showcased by companies…

MAC filtering in Windows 10

Introduction There are many options available to a Windows 10 user when it comes to managing computer networks, both wired and wireless. Some of them are incredibly vital while others offer less…

Introduction to the OWASP API Top Ten

The OWASP Project The Open Web Application Security Project (OWASP) is best known for its list of the top ten web application vulnerabilities. This list is updated every few years and is designed to…

Certifications compared: GCFE vs. CFCE vs. CCE

Introduction: What role does forensic science play in cybercrime investigations? As cybercrimes grow in terms of number of attacks and cost to organizations and businesses, it is obvious that…

Admin vs non-admin accounts in Windows 10

Introduction Coke versus Pepsi. Mac versus PC. Red versus Blue. There are some arguments that have been around for so long that the idea of one side or the other being 100% correct are slim to none….

NIST CSF: Cybersecurity basics — Foundation of CSF

Introduction The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is all about the security of critical Infrastructure. NIST SP 800-30, Rev. 1 defines critical…

Network Traffic Analysis for IR — Discovering RATs

Introduction A Remote Access Trojan (RAT) is part of the malware family. It enables covert surveillance, a backdoor channel and unfettered and unauthorized remote access to a victim’s computer. Using…

Secure your APIs — don’t give hackers a chance!

Introduction The use of APIs is now ubiquitous, and the “API economy” is well and truly established. From cloud-based services, back-end services for mobile apps, internal server-to-server services,…

How to use Windows Recovery Environment

Introduction It’s frustrating when a Windows operating system fails to boot or restarts unexpectedly. Maybe the problem is a corrupted disk or missing files, or maybe you just can’t be sure. …

How to reset Windows 10

Introduction Windows 10 has been on a roll, offering users unprecedented choice regarding both customization of their system and different ways to get things done — including recovery options. Reset…

How to use Windows Backup and Restore Utility

Introduction Since its first appearance in the Windows OS family in Windows 7, the Backup and Restore utility has been the go-to for managing the all-too-important backup and restore jobs Windows…

Network traffic analysis for IR: Analyzing IoT attacks

Introduction The Internet of Things (IoT) incorporates everything from tiny sensors and devices to huge structures like cloud computing. IoT includes the major networks types, such as vehicular,…

NIST CSF: Implementing NIST CSF

Introduction The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide voluntary guidance for organizational cybersecurity…

Driver Security in Windows 10

Introduction Drivers are an essential group of files that allow a hardware component(s) to communicate with the computer’s operating system (OS). If an attacker successfully exploits a kernel-based…

How to use Microsoft Passport in Windows 10

Introduction Passwords, the long-relied-upon information security measure that helps secure billions of user accounts daily, have become a little long in the tooth. When you consider advances in…

What is NoSQL injection?

Introduction to injection Injection attacks are considered some of the most dangerous types of vulnerabilities in existence. According to the OWASP Top Ten List of web application vulnerabilities,…

Web server security: Web server hardening

Introduction A web server is not just any other device that you employ in your network environment. Unlike other devices sitting behind layers of defenses and firewalls, web servers sit at the rim of…

Getting Started with Web Server Security

Introduction The role that the internet plays in people’s lives and business operations has only continued to increase as advancements in web services, web-based applications and other services have…

How to use Credential Manager in Windows 10

Introduction Windows Credential Manager is a Windows feature that, both due to its user friendliness and popularity, was brought over to Windows 10. Since its debut in Windows 7, Credential Manager…

Industrial Ethernet

Introduction Industrial Control Systems (ICS) are different from conventional IT systems. ICS typically source data from remote sensors and transmit commands to machines for the relevant action to…

FOUNDATION Fieldbus

Introduction Foundation Fieldbus was designed to replace analog connections in the refining, petrochemical and nuclear industries. It was first proposed in 1984 and standardized in 1996. Foundation…

Account Management Concepts for ICS/SCADA environments

Introduction Industrial Control Systems (ICS) are part of the Supervisory Control and data acquisition environments. These systems are responsible for the infrastructure of our cities and towns. ICS…

PROFIBUS and PROFINET

Introduction Profibus and Profinet were created and designed by the same organization. Profibus stands for Process Field Bus and Profinet stands for Process Field Net. Since both were created by the…

How to use Credential Guard in Windows 10

Introduction One of the proverbial gems in the crown of a successful attack is user credentials, and it is understandable why. Once an attacker has a compromised system’s credentials, most of the…

Access Control Implementation in ICS

Introduction Industrial Control Systems (ICS) differ from traditional information technology (IT) systems, making the implementation of certain security controls difficult. Access Controls (AC) deal…

Ethical hacking: IoT hacking tools

Introduction IoT (Internet of Things) and embedded devices present a new challenge to ethical hackers hoping to understand the security vulnerabilities these devices contain. To hack IoT interfaces…

4 Times a Security Breach Was Narrowly Avoided

Introduction We’ve all heard of prominent companies who have been a victim of a data breach. Little to no attention, however, is given to organizations that narrowly avoided security-shaking…

ICS Components

Introduction All components that are discussed in this writing can be found in the two types of ICSes: Supervisory Control and Data Acquisition (SCADA) and Distributed Control System (DCS). An ICS…

What is Malware Obfuscation?

Introduction Malware has been a threat to companies and individuals since the 1970s, when the Creeper virus was first discovered. Since then, the globe has faced threats from hundreds of thousands of…

Debugging Basics

Introduction The journey to coding mastery will come with a few bumps in the road. Some can be easily resolved by taking a closer look at the code. Others, however, give the learning coder the…

Application Management in Windows 10

Introduction Since the introduction of applications (apps) into the Windows operating system family, apps have become a sort of nexus between Windows computer systems and mobile devices. Borrowing…

Top IT security conferences you should attend in 2020

Introduction: Why attend conferences? Conferences are a great way to gain information and knowledge about advances on cutting-edge technologies but are also opportunities to meet and connect with…

Securing Windows 10 with Local Group Policy

Introduction When it comes to quickly making wide-ranging modifications to Windows systems, Group Policy is usually at the top of the list for ease of use and raw power. The problem is that most…

Reverse Engineering and Malware Analysis Tools

Introduction Reverse-engineering and malware analysis tools have an important role to play in terms of cybersecurity. For example, app developers and security teams can implement these control…

Ethical hacking: wireless hacking with Kismet

Introduction To continue our ethical hacking series, we are now going to dive deeper into the process of wardriving, wireless hacking and the roles that the Linux tool Kismet plays in an ethical…

Malware spotlight: Droppers

Introduction There’s a cloud of confusion around droppers. Often seen as a sort of helper program in a cyberattack, droppers are actually a type of malware that plays an instrumental role. It should…

Cybercrime investigator resume tips

Introduction Looking for your first job in the exciting field of cybercrime investigation? Or perhaps you’re a seasoned cybercrime investigator looking for your next promotion? You’ll need a resume…

Wireshark for Incident Response 101

Introduction to Wireshark Wireshark is a freely available tool for network traffic analysis. It can be used to either analyze saved packet capture files or perform live traffic capture of packets…

Malware spotlight: EvilGnome

Introduction The name EvilGnome may conjure images of a malicious creature of folklore. Instead, this name actually refers to an emerging type of malware recently detected by malware researchers….

Malware spotlight: Nodersok

Introduction The zombie movie film genre has long been a favorite among horror film fanatics, as shown by the ever-growing number of films that portray an undead apocalypse. Each of these zombie…

MITRE ATT&CK: Disk content wipe

Introduction Classic moves, no matter what the subject matter is, are timeless. Be it the hook shot in basketball, the uppercut in boxing or the pirouette in ballet, these are moves that you remember…

The user experience of security

Introduction Back in the 1990s, when you mentioned cybersecurity to anyone, a glazed look would come over their face. And fair enough. Security, as a discipline of IT, was a bit dry and boring. Then…

MITRE ATT&CK: Disk structure wipe

Introduction Denying the availability of systems and resources of an attack target is a main objective of many real-world attack campaigns. If you were going to disrupt a target, this denial of…

Benefits of teaching employees to hack

Introduction You know that look in an employee’s eye when you announce the call to cybersecurity awareness training. They already work in IT or know a lot about computing. They also let you know they…

Malware spotlight: Wabbit

Introduction Beginnings are often steeped in myth, legend and a good helping of storytelling, with malware being no exception to this rule. Way back in 1974, before many of our readers were born,…

MITRE ATT&CK: Supply chain compromise

Introduction Attackers are well known to install malicious software, or malware, onto compromised systems during a cyberattack. But what many may not know is that this is not the first opportunity…

NIST CSF core functions: Detect

Introduction The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide guidance for organizational cybersecurity defenses and…

MITRE ATT&CK: Shortcut modification

Introduction Most people love shortcuts — they make things faster and easier. This common passion is behind a lot of the conveniences we experience on a daily basis. Shortcuts have impacted modern…

MITRE ATT&CK: External remote service

Introduction If you would have told the average person fifty years ago that in the future people would be able to view what you are doing on a personal computer screen in your home or at your office,…

Malware Obfuscation, Encoding and Encryption

Introduction Malware is complex and meant to confuse. Many computer users think malware is just another word for “virus” when a virus is actually a type of malware. And in addition to viruses,…

Ethical Hacking: How to hack a web server

When practicing ethical hacking, a hacker is searching for vulnerabilities. An ethical hacker has several reasons to try gaining unauthorized control of a web server, though the primary reason is to…

Response to IT industry trends analysis 2020

Introduction The Computing Technology Industry Association (CompTIA) has just published its Industry Trends Analysis 2020. This publication takes a generalized look at the landscape in which IT…

MITRE ATT&CK: Port knocking

Introduction Ports are like the doors into or out of a network, where information must pass through them to enter or exit an organization’s network. Now, when you knock on a door in physical reality,…

Malware spotlight: Hybrid malware

Introduction Hybrid malware, also known as combo malware, is a combination of two or more different types of attacks — usually a Trojan horse or worm with adware or malware attached. Hybrid malware…

Malware spotlight: Mirai

Introduction If you ask any number of information security experts about emerging platforms you will hear many answers, but the Internet of Things, or IoT, will be one of the top responses. Attackers…

ICMP Protocol with Wireshark

Introduction to ICMP Unlike the Transport Control Protocol (TCP) and User Datagram Protocol (UDP), the Internet Control Message Protocol (ICMP) is not designed for carrying data. While ICMP packets…

NIST CSF self-assessments

Introduction The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) provides guidance for organizations regarding how to better manage and reduce cybersecurity risk…