Is Cyber Insurance Becoming Worthless?

August 17, 2021

New challenges have emerged that make it difficult to transfer risk. Ransomware has changed the game An overlooked yet the increasingly important challenge in information risk management is finding the right balance between cybersecurity and cyber insurance. We continue to see organizations hit with ransomware from a variety of vectors, including spam emails, drive-by downloads,…

Read

Simple Data Exfiltration Through XSS

May 11, 2021

During a recent engagement, I found a cross-site scripting (XSS) vulnerability in a legal document management application and created a quick and dirty document exfiltration payload. Unfortunately, this discovery and coding happened on the final day of the engagement (*cough* reporting bonus hacking day), and I didn’t have a chance to actually put the exfiltrated…

Read

Fear, Cybersecurity, and Right to Repair

November 5, 2020

Massachusetts is the latest state to grapple with Right to Repair legislation. A ballot question in the 2020 election asked the state’s voters to decide whether or not automobile manufacturers must make the telematics data collected by cars’ on-board computers available to independent repair shops. What seems like a debate over who can access the…

Read

Making EDR Work for PCI

September 10, 2020

The Endpoint Detection & Response (EDR) and Advanced Threat Protection (ATP) marketplace is abuzz with products that blur the lines of personal firewall, host-based intrusion detection system (IDS) and intrusion prevention system (IPS), anti-virus, system logging, and file integrity monitoring (FIM). These solutions are centrally managed from your web browser and include advanced dashboards for…

Read

Azure Automation – Getting Started With Desired State Configurations

July 21, 2020

Azure brings a lot of new tools and capabilities to the IT and Information Security toolbox. In fact, there are so many features that it can be overwhelming and difficult to understand when or how to use them. I believe that the revamp of Desired State Configuration (DSC) within Azure is one of these overlooked…

Read

Using Azure to Address Endpoint Hygiene Management

July 14, 2020

Remote workers are set up, but endpoint management is still an issue Setting up a remote workforce during the COVID-19 pandemic presented a huge challenge, especially trying to get so much done in such a short time frame. While getting extra Zoom licenses was likely pretty easy, there are more challenging issues surrounding remote sharing…

Read

Questions after an assessment? Let TrustedSec be your guide.

June 29, 2020

Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec. After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times,…

Read

From the Desk of the CEO: TrustedSec Announces Professional Training Courses Online

April 7, 2020

TrustedSec has offered customized, in-person training to our clients for several years. With the need to move toward an online platform, TrustedSec has expanded our cutting edge training to help further educate and develop the Information Security industry. These offerings are designed to be some of the most effective instructor-led and live courses available today….

Read

Targeted Active Directory Host Enumeration

January 23, 2020

Current Problem When working in an unknown network, some of the most important pieces of information to have are appraisals of current assets and information contained on them. This is important for any security professional, from tester to defender. Given the prevalence of Active Directory (AD) in most Windows environments, gaining a clear inventory of…

Read
Five Thoughts on Securing Multi-Cloud Environments graphic

Five Thoughts on Securing Multi-Cloud Environments

March 19, 2019

As its name suggests, a multi-cloud environment is a network that utilizes the services of more than one cloud provider. There are many different ways that multi-cloud infrastructures can be designed and a primary topic of discussion is how to properly secure these environments.  No single cloud service provider has the best environment for every…

Read
  • Browse by Category

  • Clear Form