TrustedSec Podcast Episode 3.17 – The End of End to End

August 02, 2019 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Alex Hamerstone. Title: Kazakhstan’s HTTPS Interception. URL: https://censoredplanet.org/kazakhstan. Author: Ram Sundara Raman, Leonid Evdokimov, Eric Wustrow, Alex Halderman, Roya Ensafi. Title: DMARC’s…


CEO David Kennedy discusses Draft Security on CNBC’s The Exchange

July 08, 2019 | By:

The hacking advisor for the Cleveland Cavaliers, Dave Kennedy joins The Exchange on how NBA franchises are protecting their game strategy and players’ data.


CEO David Kennedy quoted in WIRED regarding ransomware and local government

July 01, 2019 | By:

“There’s definitely an increase or uptick in the amount of ransomware campaigns that we’re seeing out there, but it’s not specific to municipalities or state or federal organizations, it’s just pretty much across the board in every industry vertical,” said David Kennedy in this WIRED feature published in light of attacks on local and municipal governments…


CEO Dave Kennedy provides insights to WSJ in ‘NBA Strives to Protect Secrets From Hackers’

June 10, 2019 | By:

Information that teams store about their athletes, prospects and fans can entice hackers, said David Kennedy in this Wall Street Journal article. “There’s a lot of money involved in this now, particularly with the legalization of gambling, where any type of inside information, forecasting or understanding of what an organization is doing can yield a high…


Big Changes in Store for PCI DSS v4.0, and More!

September 20, 2019 | By:

This week I attended the PCI North American Community Meeting. If you are in the payment security space and haven’t been to a community meeting, I would recommend that you put this on your conference schedule. It’s great to connect with like-minded individuals, including card brands, banks, large customers, vendors, and yes, assessors – both internal (ISAs)…


Cracking the DerbyCon Code

September 18, 2019 | By:

To commemorate the final DerbyCon, TrustedSec did something a little special on our challenge coin. Along the outer edge of the coin was a code, and anyone who could figure it out by DerbyCon’s final day at noon got a prize. I was lucky enough to design the code and was asked by many people…


Attacks on the Rise Through Office 365

September 17, 2019 | By:

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet…


Dealing With Third-Party Risk Assessments: Creating and responding to vendor questionnaires

September 16, 2019 | By:

Wednesday, September 25th at 1 p.m. EST. Ain’t nobody got time for that! Are you feeling overwhelmed? Have you been diagnosed with a case of audit fatigue? The growth in third-party assessment requests has exploded–more and more organizations are being forced to fill out third-party vendor forms and create or formalize third-party risk functions. The…


TrustedSec Podcast Episode 3.19 – DerbyCon Victory Lap!

September 13, 2019 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and Martin Bos. This show features a slightly different format: we look back on nine years of DerbyCon with two of the principal organizers!


PCI Requirements 101

September 12, 2019 | By:

Having completed several PCI-DSS (Payment Card Industry – Data Security Standard) Reports on Compliance (RoCs) over the past couple of years, I have noticed a consistent pattern on the items needed for the 12 requirements. I have found that there are three basic components to most if not all PCI requirements: Documentation (Policies, Standards, and…


Three Most Common Security Flaws (and How to Fix Them)

August 27, 2019 | By:

When it comes to physical security, the most common things we see are hardware vulnerabilities or human error (through social engineering attacks, failure to follow security guidelines, or no knowledge of security protocols). We have successfully broken into everything from locally run neighborhood shops to banks, power plants, hospitals, factories, law firms, and everything in…


Top 10 MITRE ATT&CK™ Techniques

August 22, 2019 | By:

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to…


TrustedSec Podcast Episode 3.18 – Live From Vegas!

August 16, 2019 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, and David Boyd. In this episode we share what happened in Vegas! Wait, is that allowed? Links from the show: Proxmark3 API Induced SSRF…


Going Purple: Measurably improving your security posture with Purple Team engagements

August 05, 2019 | By:

This webinar was recorded on Wednesday, August 21st. Adversaries continue to morph tactics and identify new ways of attacking organizations. Whether emulating a perimeter breach or the more popular phishing attack on the user population, it has never been more important to attack patterns and categorize behavior to defend against them. What’s the process and…