Major security breaches are ubiquitous in 2019. New breach stories are written every week – state-owned petroleum companies, major healthcare providers, police and intelligence agencies. And they aren’t going anywhere. As we work tirelessly to enhance our capabilities, theirs get even more sophisticated. We’d like to shine a light on three significant breaches from 2019, […]
Read more
The security landscape continues to change, and vendors are making choices in response to emerging threats in the global threat landscape. Recently, Mozilla decided that they would be rolling out a planned security feature for their popular Firefox web browser that would make DNS over HTTPS the default protocol for DNS traffic. Being a relatively […]
Network and system scanning by external 3rd parties are as common as weeds growing in a garden, and it is about as useful too. Scanning occurs for a variety of reasons: it could be a search engine attempting to index your public environment and website, an ISP evaluating their autonomous system, universities conducting research, or […]
Security-On-Demand recently caught up with cybersecurity expert Sai Huda. Sai Huda is a globally recognized cybersecurity expert and author of the best-seller, Next Level Cybersecurity: Detect The Signals, Stop The Hack. He is a frequent keynote speaker at industry conferences speaking on cybersecurity risk management best practices. Below are Huda’s insights on the ever-increasing threat, […]
Written by: Carmen Silva, Analyst Team Manager Phreaking is a slang term for hacking into secure telecommunication networks or using a computer or other device to trick a phone system. The term phreaking originally referred to exploring and exploiting the phone networks by mimicking dialing tones to trigger the automatic switches using whistles or custom […]
Steganography is a methodology of hiding information in the unnecessary pixels of a picture. While it is not terribly common, hackers have used it in a variety of ways, from hiding malware to sending commands and information and exfiltrating data. Steganography can be very difficult to detect as the image itself looks the same as […]
Written by: Evan Stewart, Cyber Security Operator With communication infrastructure being built on an internet/Ethernet-based interaction, it is only natural that the Aviation industry would adopt the speed and necessity of the same technology. However, with those changes, the concern for digital/data security is put into question. At Defcon 27, the Aviation Village was introduced […]
Providing managed detection and response (MDR) services is tough in today’s world. Unless you are constantly investing in R&D and a dedicated workforce, attackers will continue to be ahead of us, the defenders. Yesterday’s solutions won’t detect tomorrow’s threats. The most popular cybersecurity solutions today, referred to as 3rd generation, were built as reactionary threat […]
On July 15th the FBI, in partnership with global contributors, released a decryptor for the Gandcrab ransomware. The decryptor for Gandcrab and can be downloaded at nomoreransom.org (we should also note that other more obscure ransomware have decryptors available on that site). The FBI Flash adds, “The collaborative efforts further identified the master decryption keys […]
Zero-day vulnerabilities (with their exploits) discovered and kept private by governments and their intelligence agencies are often some of the most powerful and dangerous vulnerabilities, especially when something that is meant to stay private is released to the public. Like EternalBlue before it, BlueKeep was a zero-day that the National Security Agency allegedly discovered and […]
