Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

There's More than One Way to Trigger a Windows Service
Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services like Remote Registry and EFS. Learn how they can…

Skimming Credentials with Azure's Front Door WAF
Your Web Application Firewall (WAF) sees EVERYTHING. In this blog, we demonstrate how an attacker with access to Azure Front Door’s WAF and Log Analytics can…

PCI P2PE vs. E2EE – Scoping it Out
If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…

HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules
In this blog, we explain how HIPAA’s Privacy, Security, Breach Notification, and Administrative Rules apply while clearing up common misunderstandings about…

CMMC NOPE: Why You Don’t Need to be CMMC Compliant
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…

HIPAA Business Associates - What’s Your Function?
Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a…

HIPAA Covered Entities - It’s More Than Just PHI
Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better…

WSUS Is SUS: NTLM Relay Attacks in Plain Sight
Windows Server Update Services (WSUS) is a trusted cornerstone of patch management in many environments, but its reliance on HTTP/HTTPS traffic makes it a…

A Big Step on the CMMC Rollout Timeline
A major step on the CMMC rollout timeline was completed recently as the regulatory change that will create the CMMC contract clause made its way to the Office…

Detecting Active Directory Password-Spraying with a Honeypot Account
Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…

HIPAA Protected Health Information - When Health Information Isn’t Protected
Many organizations don’t understand that not all health information is PHI and apply HIPAA more broadly than is required. This has implications for which…

Protecting Backup and Recovery in the Age of Ransomware
Ransomware attackers frequently target backups and recovery systems to force victims into paying ransoms, making robust protection strategies essential for all…