With a deviation from the focus on security technology, it may be appropriate to address risk in terms of repairing the broken shell that has become the container for a “free” society. The imposition of this term does not ring true for all participants in said society. Without convincing the majority to break ranks, itContinue reading “Broken Shells”

Given the choice of having IDOR or BOLA, which do you think is preferred? The correlation of Ebola Virus Disease aside, it should be noted that both IDOR and BOLA are one in the same. IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) are abbreviations reserved for manipulating object ID’s via API’sContinue reading “BOLA is Super-Contagious”

While gun control in the United States is a very passionate topic for some, cybersecurity weapons are freely available to those that have the inclination to obtain them. With the recent disclosure of several cybersecurity tools (including the paid for Cobalt Strike) this may spark another conversation of regulation of software. Should we be requiredContinue reading “Cybersecurity Weapon Control”

A supply chain attack is an indirect attack that originates from an organization that provides a good or service to the company being attacked. The idea here is that while the primary organization (US Government) will have strict security controls, it is not likely that all of the supplying vendors have the same controls. WeContinue reading “Supply Chain Attacks”

When it comes to securing data in a cloud environment, the responsibility for security can be a bit cloudy. While cloud providers do clearly state who is responsible depending on the level of service, ultimately the responsibility should be shared by all parties involved. Albeit in storage, transfer, or process, data security should be managedContinue reading “Security Responsibilities that are a Bit Cloudy”

Bring Your Own Networking (BYON) appears to be the newest “Bring Your Own” fad given the drastic increase in remote work.  When one looks around there is not a lot of information out there. It is no wonder when considering how similar BYON and BYOD (Bring Your Own Device) are. They both can boost productivity,Continue reading “BYON: The Next Big Security Risk”

This last Tuesday has come and gone and we are left with another high ranking vulnerability being patched by Microsoft during their monthly upkeep. CVE-2020-16898, aka “Bad Neighbor,” discloses an IPv6 vulnerability “which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system” according to Steve Povolny and Mark BerezaContinue reading “Don’t be a Bad Neighbor”

Secura’s Tom Tervoort recently revealed the details for why you should have zero tolerance when patching ZeroLogon available in this white paper. There is also a proof of concept (POC) exploit now available on github. This vulnerability takes advantage of what is referred to as “a flaw in a cryptographic authentication scheme used by theContinue reading “ZeroLogon Required”

The very definition of ransomware is misleading. The use of ransomware is not necessarily for relieving an organization of money, and is often just a tool for leveraging a position in a complicated game of cat and mouse. Ransomware has made its way through government institutions, and is back to declaring unfathomable bounties as itContinue reading “The “R” Word”

Intel could probably start causing fires with their processors and still be the number one provider of silicon in the world. They are not likely to find themselves filing bankrupcy because a research team has continued to develop an exploit disclosed in January. While the modification for use of processors may reduce chipset features, IntelContinue reading “Did Intel Just Get the Axe?”