Articles In Security

By Steve Gold, Posted in Security

So how does a round trip flight to Mars, with an extended layover for one lucky astronaut, relate to establishing a remediation process around vulnerabilities? Mark Watney, played by Matt Damon, finds himself stranded on Mars after his crew mistakenly believes he died during a severe storm and leaves the planet without him. The movie follows Watney as he faces numerous challenges and risks associated with survival on Mars. His approach to these challenges can be likened to a risk-based remediation strategy... read more.

  • December 12, 2023

By Steve Gold, Posted in Security

Always! I was going to continue to use movie or television references to highlight the importance of this CIS Safeguard but realistically, there isn’t one. There are plenty of examples where the lack of an effective Vulnerability Management Process caused a breach. Here are just a few: Equifax (2017): One of the most notable breaches in recent history. Equifax, a major credit reporting agency, suffered a data breach that exposed the personal information of 147 million people. The breach occurred du... read more.

  • November 15, 2023

By Steve Gold, Posted in Security

This line from “The Fugitive” portrays Dr. Richard Kimble (played by Harrison Ford), a vascular surgeon who was wrongly convicted of his wife's murder. After escaping custody, he set out to prove his innocence while being pursued by Deputy Marshall, Samuel Gerard (played by Tommy Lee Jones). In a face-to-face standoff, Richard says, “I didn’t kill my wife.” Deputy Gerard responds with, “I don’t care.” One of the best responses to that line, in my humble opinio... read more.

  • November 07, 2023

By Steve Gold, Posted in Security

One of my favorite movies is WarGames. If you haven’t seen it, stop reading immediately cause I’m going to spoil it for you. In the movie, David Lightman (played by Mathew Broderick) uses a technique called wardialing, where his computer dials every phone number in a given area to find a modem at the other end. David discovers a modem for a military supercomputer aka WOPR (War Operation Plan Response, because everything needs an acronym). Once he's connected, he relies on easily guessable passw... read more.

  • October 31, 2023

By Steve Gold, Posted in Security

In "Mission: Impossible," one of the most iconic scenes involves Ethan Hunt (played by Tom Cruise) infiltrating a highly secure CIA facility at Langley to steal the NOC list, a comprehensive list of all covert agents. To access this room, Hunt has to bypass multiple security measures: Temperature Regulation: The room is temperature-controlled. A sudden rise could trigger the alarm. Ethan and his team have to ensure that his body heat doesn't increase the room's temperature. Sound Sensors: The room is eq... read more.

  • October 26, 2023

By Hank Smith, Posted in Security

In the ever-evolving landscape of cybersecurity threats, phishing and ransomware emails remain persistent challenges for organizations. While technology plays a crucial role in minimizing the impact of such threats, user-based training is equally essential. Many corporations have adopted mandatory training programs that aim to educate employees and test their ability to identify and respond to suspicious emails. In this blog post, we will explore the effectiveness of user training and how Microsoft Attack S... read more.

  • October 25, 2023

By Carlo Costanzo, Posted in Security, Virtualization

During our internal tech brief, Tim Husar brought to everyone’s attention a new vulnerability announced by VMware. This critical issue involves an out of bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical Severity Range with a maximum CVSSv3 base score of 9.8. The write vulnerability could allow a malicious actor to execute remote code. The issue affects most versions of vCenter in production and VMware has... read more.

  • October 25, 2023

By Steve Gold, Posted in Security

One of my favorite scenes in Thor: Ragnarok was when Thor attempted to escape the junk planet. He made it to the Quinjet and tried many different activation codes (access) such as: "Thor", "Son of Odin," and "Strongest Avenger" (twice). None worked. It was only when he said “Point Break” did the Quinjet start. Point Break was the activation code that Tony Stark had assigned him back from the 2012 Avengers movie. Unauthorized access to sensitive information is one of the most significant threats... read more.

  • October 10, 2023

By Steve Gold, Posted in Security

One of the most famous wizards of all time, Harry Potter, learned that he was destined to attend Hogwarts School of Witchcraft and Wizardry on his 11th birthday. It was then that Harry acquired his first wand at Ollivanders shop in Diagon Alley. From the moment he received his first wand, Harry had to learn how to wield the power of his wand. Similarly, in the digital landscape, providing every user with administrator privileges is like handing them a wand without proper training. Just as aspiring wizards... read more.

  • September 27, 2023

By Steve Gold, Posted in Security

If you’re a geek like me, you remember the above line from Star Wars Episode VI: Return of the Jedi where a strike team posing as an engineering crew gives a stolen (dormant) authorization code as they attempt to pass through a security checkpoint. The successful use of that dormant code allowed the rebels to take down the force field, fly inside the superstructure, knock out its main reactor, and destroy the Death Star. Dormant accounts are those virtual identities that lie idle, untouched, and unus... read more.

  • September 19, 2023