Highlights from the NIST Cybersecurity Risk Management Conference

November 20, 2018 | By:

NIST hosted a Cybersecurity Risk Management Conference from November 8th through the 10th. The event was expanded and improved from previous NIST workshops, which were more government-focused. Thus, for this conference, they wanted the same spirit of gaining stakeholder input on the frameworks and general cybersecurity areas, but with a much greater attendance and…


Holiday Phishing: Office 365

November 15, 2018 | By:

It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a holiday greeting from employees, employers, or customers, there are plenty…


What Information Security Can Learn From the Hospitality Industry

November 06, 2018 | By:

The Information Security industry has a lot in common with the Hospitality industry. Both industries are service oriented, high volume, and built on trust. As with all services founded on trust, establishing and maintaining healthy relationships is critical for success. Strong relationships can do a lot for a security program. They can garner additional funding…


Of Failure and Success

October 30, 2018 | By:

Experience is simply the name we give our mistakes. — Oscar Wilde

Over the course of a year, I watch many InfoSec conference presentations, whether in person at the conference or via a recording on YouTube; I read a multitude of amazing blog articles; and I follow and read the messages of many…


The Three Best Security Analogies I Know (and How to Use Them)

October 29, 2018 | By:

When it goes well, explaining security concepts to coworkers, friends, and family is one of the best parts of being in the security industry. It helps others make more risk-aware decisions, reduces ‘inarticulate tech geek’ stereotypes, and enhances soft-skills. Unfortunately, explanations do not always go well. Audiences need to be in the right state of…


TrustedSec Podcast Episode 3.4 – Yahoo! Siri “helpful” as Ever, and Vigilante Networking!

October 26, 2018 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger, and Alex Hammerstone.

Title: Yahoo to pay $50M, Other Costs for Massive Security Breach
URL: https://abcnews.go.com/Technology/wireStory/yahoo-pay-50m-costs-massive-security-breach-58693643
Author: Michael Liedtke

Title:…


Webinar: Creating your Career Path in Information Security

October 25, 2018 | By:

Please join us on Wednesday, November 14th, 2018 at 3:30 PM. TrustedSec Senior Security Consultant Adam Compton will lead a discussion about different paths to a potential career in infosec. Geared towards students, IT professionals, or those interested in a career change, Adam will present his experience in understanding what current employers are looking…


Let’s Build a Card Cloner

October 23, 2018 | By:

This post isn’t attempting to present new research or a new device—that work has already been done, a la Bishop Fox. While an overall design was created, and many others have discussed building such a device, doing so can prove to be challenging. This post will provide you with all that is needed to fully…


A Buyer’s Guide to Beginning SDR

October 22, 2018 | By:

For my first post on software-defined radios (SDRs), I’d like to start off by talking about a few things that most people find out through either experience or spending hours hunting on Google (or never figure out at all, and chalk the problem up to software bugs and hardware gremlins). One thing that I learned…


W32.Coozie: Discovering Oracle CVE-2018-3253

October 17, 2018 | By:

NOTE: On October 17th, 2018, Oracle released a patch for this vulnerability as well as several others: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

There are times when finding a 0day in a major-branded product like Oracle takes months of research, and there are times when it just jumps off the screen and you think to yourself, ‘There’s no possible way that is…