TrustedSec a featured commentator on Fox Business

March 29, 2018 | By:

Facebook’s ongoing struggle with maintaining user data privacy was the topic of discussion on a recent Fox Business segment, “The Business of Cybersecurity.” TrustedSec’s GRC Practice Lead Alex Hamerstone was asked to provide background and analysis on Facebook’s new privacy standards and dashboards.

Dave Kennedy featured in WIRED

March 28, 2018 | By:

Hacker Guccifer 2.0’s identity was recently determined after making one seemingly small mistake. TrustedSec founder, Dave Kennedy, contributed to the article detailing how even elite hackers are prone to human mistakes. Read more here.  

Magic Unicorn v3.0 Released

March 23, 2018 | By:

TrustedSec is proud to announce the release of Magic Unicorn v3. This release incorporates one of the largest additions to Unicorn in three years. This version adds several enhancements including support for Cobalt Strike beacon into the PowerShell evasion framework built into Unicorn. In addition, Unicorn now supports your own shellcode to be inserted into…

GDPR: Chip away at the stone

March 21, 2018 | By:

In our work with clients on the General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679), we have generally not seen organizations accomplish full compliance all at once. Instead of a full-on project, the actions we’ve seen have been addressed a little at a time. One client said they were just “chipping away at the stone,”…

Episode 2.12 Is that CryptoMiner or a Utility? Wildcards for the Masses, Look-a-Likes, and More CPU Vulnerabilities

March 16, 2018 | By:

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Ben Tenjamin, Geoff Walton, Chris Prewitt, Justin Bollinger

Take Your Employees Phishing!

March 05, 2018 | By:

Because Phishing attacks are becoming more advanced in their exploitation of social engineering techniques, it may be overwhelming to attempt a defense against them. Technical defenses can work hard to shield your employees from being targeted by large phishing expeditions, but user awareness is key in protecting an organization against phishing attacks. Below I will…

Webinar: New PCI Requirements are Now, Actually, Required!

February 28, 2018 | By:

It is finally here. The forward dated controls that have been in existence since the release of version 3.2 of the PCI Data Security Standard are required as of February 1st. Companies are still struggling Hopefully by now you have had a chance to review them, but there are still a number of companies struggling to interpret scope or…

Carlos Perez (darkoperator) joins the TrustedSec team!

February 19, 2018 | By:

TrustedSec is proud to announce the hiring of Carlos Perez (@Carlos_Perez) to run the Research and Development team. At TrustedSec, we continue to expand our tooling, capabilities, and talent within the organization. With the addition to Carlos coming aboard, we continue to hire specialized, passionate, and highly skilled people. Carlos has been a friend for…

Hide Yo Servers, Hide Yo Data . . .

February 14, 2018 | By:

Companies spend millions of dollars to protect their data in the forms of firewalls, antiviruses, spam filters, web content filters, multi-factor authentication, and so on. But what about physical security? Most companies will have a badge system to grant employees access to the facility. Main entrances will have a receptionist or sometimes a security guard…

How to Choose a PCI QSA

February 12, 2018 | By:

As of writing this article, there are currently 378 PCI QSA Companies worldwide that are certified by the PCI Council. That is quite a selection to narrow your choices. So what do you look for in good qualities to partner with? What attributes do you form that basis on? Throughout this blog, we are going…