If you are in the IT industry, most likely you will need to keep up with technology by obtaining a certification, attending a product training, attending a boot camp or a combination of these. I’ve gone through many different programs and have a few lessons learned that could help you with your future education planning. Continue reading
Social Engineering is all about tricking somebody into acting a way you want them to act. A common tactic is having them click a link using a phishing attack such as a fake UPS delivery link around Christmas or cloning a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/ Continue reading
The Center for Internet Security (CIS) released a new version of their critical security controls white paper. You can download it for free HERE. Topics include best practices for network access control, having a inventory of authorized and unauthorized software, system configuration, vulnerability assessments, administrating role based access controls, email and web best practices, breach detection and so on. This is a really good document to evaluate your current state of security as well as learn some methods to improve your security posture. Continue reading
Cisco very recently acquired OpenDNS. For those that are not familiar with OpenDNS, they see around 80 billion DNS records a day meaning they can be pretty effective at determining what is a possible threat from a reputation perspective. Customers can point their devices at OpenDNS and enable content filtering along with different threat blocking features. Cisco also just announced that they have integrated other threat intelligence research from ThreatGrid and AMP making the OpenDNS offering much more effective.
I have tried out the free version in the past and now running the Umbrella upgrade. This post will cover my experience with both the free and paid Umbrella offering. Continue reading
Jai Vijayan from darkreading.com wrote a great article covering the Logjam Encryption Flaw. The original post can be found HERE.
Most major browsers, websites that support export ciphers impacted
More than 80,000 of the top 1 million HTTPS domains on the Internet are vulnerable to a bug in the basic design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers. Continue reading
The use of smartphones is the best way to stay in touch with your loved ones. And with the upsurge in the development of the instant messaging apps such as WhatsApp, Viber and a lot more have completely knocked out the traditional text messaging trend and have taken over the world of messaging. Even though there’s always a doubt with hacking of these apps; hacking WhatsApp has been confirmed as the easiest deal for an amateur hacker. Continue reading
There has been a lot of questions around the new AnyConnect licensing introduced with the AnyConnect 4.0 release. In summary, the older version of AnyConnect had many license options (TOO MANY!). So Cisco has consolidated these into two options, which are Plus and Apex. Below is a comparison of how the AnyConnect 3.1 compares to AnyConnect 4.0. Hope it helps! Continue reading
The latest 2015 Verizon Breach Investigation Report (VBIR) is now out and can be downloaded HERE. For those that have not seen these reports, they survey a number of customers and gather information about different types of breaches. It is a trend based report but great data to get an idea of which types of attacks are being seen by different types of businesses. Continue reading