Network and system scanning by external 3rd parties are as common as weeds growing in a garden, and it is about as useful too. Scanning occurs for a variety of reasons: it could be a search engine attempting to index your public environment and website, an ISP evaluating their autonomous system, universities conducting research, or […]
Read more
Security-On-Demand recently caught up with cybersecurity expert Sai Huda. Sai Huda is a globally recognized cybersecurity expert and author of the best-seller, Next Level Cybersecurity: Detect The Signals, Stop The Hack. He is a frequent keynote speaker at industry conferences speaking on cybersecurity risk management best practices. Below are Huda’s insights on the ever-increasing threat, […]
Written by: Carmen Silva, Analyst Team Manager Phreaking is a slang term for hacking into secure telecommunication networks or using a computer or other device to trick a phone system. The term phreaking originally referred to exploring and exploiting the phone networks by mimicking dialing tones to trigger the automatic switches using whistles or custom […]
Steganography is a methodology of hiding information in the unnecessary pixels of a picture. While it is not terribly common, hackers have used it in a variety of ways, from hiding malware to sending commands and information and exfiltrating data. Steganography can be very difficult to detect as the image itself looks the same as […]
Written by: Evan Stewart, Cyber Security Operator With communication infrastructure being built on an internet/Ethernet-based interaction, it is only natural that the Aviation industry would adopt the speed and necessity of the same technology. However, with those changes, the concern for digital/data security is put into question. At Defcon 27, the Aviation Village was introduced […]
Providing managed detection and response (MDR) services is tough in today’s world. Unless you are constantly investing in R&D and a dedicated workforce, attackers will continue to be ahead of us, the defenders. Yesterday’s solutions won’t detect tomorrow’s threats. The most popular cybersecurity solutions today, referred to as 3rd generation, were built as reactionary threat […]
On July 15th the FBI, in partnership with global contributors, released a decryptor for the Gandcrab ransomware. The decryptor for Gandcrab and can be downloaded at nomoreransom.org (we should also note that other more obscure ransomware have decryptors available on that site). The FBI Flash adds, “The collaborative efforts further identified the master decryption keys […]
Zero-day vulnerabilities (with their exploits) discovered and kept private by governments and their intelligence agencies are often some of the most powerful and dangerous vulnerabilities, especially when something that is meant to stay private is released to the public. Like EternalBlue before it, BlueKeep was a zero-day that the National Security Agency allegedly discovered and […]
Behavioral analytics are critical to successful security monitoring and detection. Quite simply, standard rule and signature based detection is wholly insufficient to detect today’s attacks. Unfortunately, when most organizations think about and implement behavioral analytics they only approach it through looking at human behaviors via user behavioral analytics (UBA). However, real security is better achieved […]
User Behavioral Analytics (UBA) baselines and analyzes the day-to-day behaviors of the users on our networks. Using Active Directory, Kerberos, Linux, Content Management or other user account based logging we have the data we need to model out the normal behaviors of all accounts on the network. UBA looks primarily (not exclusively) at three user […]
