Each year my team conducts hundreds of Penetration Tests in a wide variety of industries, ranging from Healthcare to Retail, Finance to Manufacturing, and many more. The team analyzed data collected from each of our penetration tests at SecureState since 2011 and found common themes in the methods of compromise utilized to break into organizations and compromise […]
Top 5 Attack Vectors Report: Defend It Before You Hack It Read More »
There was something shocking in my local suburban newspaper today. I opened up to page two and behold…an article that touched on information security! Specifically, the article was about how a small municipal court system in my area had a PC that was infected by an email “virus”. This virus caused a “hard drive to
Who’s managing information security in your city? Read More »
I won’t go into detail about the new Microsoft vulnerability…you all know it’s pretty serious and there are a ton of blogs and websites talking about the dirty details. Hopefully you have all read about it and are getting the word out about patching. However, there are some updates on the status of currently available
Exploit status for MS08-067 Read More »
Looks like the exploit code has been released by HD Moore as a Metasploit module. Hope everyone took the DNS patching requests seriously since we all know Metasploit is really easy to use (yes, especially for script kiddies!). If you haven’t patched your DNS yet…do it now! Check here for more information and here to
Exploit in the wild for the Kaminsky DNS vulnerability Read More »
Perhaps someone has figured it out or just decided to announce it but the big DNS vulnerability that Dan Kaminsky told the world about may have been revealed. Apparently a reverse engineer named Halver Flake was pretty close to figuring out how the vulnerability works. Then someone at Matasano apparently posted the details and then
Has the DNS vulnerability been revealed? Read More »
