Cyber Security

CIS CSAT – A free tool to assess your implementation of CIS Controls

No comments
CIS CSAT Dashboard

CIS CSAT is a free web-based tool that allows organizations to assess their cybersecurity strategy and infrastructure against the Center for Internet Security’s 20 Critical Controls. The tool was developed for CIS by EthicalHat Cyber Security, and is based on AuditScripts’ popular CIS Controls Manual Assessment spreadsheet. It helps businesses easily track their documentation, implementation, automation and reporting of CIS Controls, and compare their own security performance with the industry average.

EthicalHatCIS CSAT – A free tool to assess your implementation of CIS Controls
Read More

First American Financial Corp facing the heat after data exposure

No comments

Company sued by client; Data leak under investigation

Real estate giant First American Financial Corp (NYSE:FAF), that suffered a serious data leak recently, was sued by a client late last month for failing to implement “even rudimentary security measures” and putting millions of clients’ information at risk.

EthicalHatFirst American Financial Corp facing the heat after data exposure
Read More

Adobe releases 87 patches for vulnerabilities in Acrobat, Reader, Flash Player, Media Encoder

No comments

In a massive patch update on Tuesday, Adobe released security patches for 87 vulnerabilities in four of its products – Adobe Acrobat, Adobe Reader, Adobe Flash Player, and Adobe Media Encoder. As many as 84 of the 87 patches address vulnerabilities in Acrobat and Reader.

EthicalHatAdobe releases 87 patches for vulnerabilities in Acrobat, Reader, Flash Player, Media Encoder
Read More

A few tips to find out if that suspicious-seeming email you received is really malicious

No comments

We all receive malicious or spammy emails from time to time, and while most are easy to tell apart from legitimate mail, there are some that require greater attention to detect. An Unsolicited Commercial Email (UCE), more commonly known as spam, may be an irritant, but it is not a threat to you. Malicious emails, on the other hand, are intended to swindle or steal, and are far more dangerous.

EthicalHatA few tips to find out if that suspicious-seeming email you received is really malicious
Read More

CISA releases BOD 19-02 setting out Vulnerability Remediation Requirements for Federal Agencies

No comments

The Cybersecurity and Infrastructure Security Agency (CISA) released its latest Binding Operational Directive (BOD 19-02), “Vulnerability Remediation Requirements for Internet-Accessible Systems”, this week. The directive supersedes BOD 15-01, “Critical Vulnerability Mitigation Requirement for Federal Civilian Executive Branch Departments and Agencies’ Internet-Accessible Systems”, which came out in 2015. BOD 15-01 required federal agencies to remediate critical infosec vulnerabilities within 30 days of detection, in addition to initiating ongoing tracking and monitoring, and led to a significant improvement in the federal government’s security posture.

EthicalHatCISA releases BOD 19-02 setting out Vulnerability Remediation Requirements for Federal Agencies
Read More

What do you do when you hear about a large-scale data breach?

No comments

According to a survey conducted by Lexington Law, most Americans either do not know what to do when they become aware of serious data breaches in the country or don’t care enough to check if their own data is secure. Especially cavalier about such breaches is the 18 to 24-year-old age group.

EthicalHatWhat do you do when you hear about a large-scale data breach?
Read More

Are Merchants Using Oracle’s Micros Retail POS Systems at Risk?

No comments

Meeting tight margins, pressing deadlines, Board and Customer expectations are the tasks of Retailers every single day. It is not easy to be competitive in this Market, whether you are a huge Enterprise, or a small to medium rapidly growing Business.

Team EthicalHatAre Merchants Using Oracle’s Micros Retail POS Systems at Risk?
Read More

All you need to know about Ransomware

No comments

What is Ransomware?

Ransomware is a type of malware which encrypts your personal files and sells the decryption key back to you for a ransom, normally in the range of hundreds to thousands of dollars.Android Ransomware Trend

Although the earliest examples of what could be considered modern ransomware date back to the beginning of 2012, ransomware became a widespread phenomenon towards the end of 2013 with the release of CryptoLocker.

The dramatic rise of ransomware can be explained by a combination of several factors: the ease at which criminals can deploy a working system, an increase in the use of Tor and bitcoin, as well as its high and immediate return on investment.

Team EthicalHatAll you need to know about Ransomware
Read More

Lessons Learned From the Bank of Bangladesh

No comments

When I was younger, I had a habit of focusing in on one thing. It was my mother who told me to “look at the big picture.”  The same is true in the world of information security. There are more things going on than meet the eye when it comes to keeping systems safe. One needs to take a systematic approach in looking at each individual domain.

Team EthicalHatLessons Learned From the Bank of Bangladesh
Read More

Modern Computer Security Protections from an Attacker’s Perspective

No comments

Since the early ‘80s, computer hackers have employed increasingly complex exploits to gain total control over servers, access confidential data, and spread malware and botnets. To combat this, starting around the turn of the century, hardware and software vendors have been developing and shipping protections that try and harden your machines against hackers. While most commercial anti-virus attempts to identify viruses by comparing behavior of currently running software with pre-created lists of behavior of known malware, these hardware and software protections operate in a fundamentally different fashion. Normally an inseparable part of either the operating system, the physical machinery, or the compiler used to generate the commercial software, these protections restrict what applications can do at runtime in order to prevent hackers from gaining control over the program and subsequent computer.

This post is meant as a walk through how state-of-the-art computer security has evolved in recent years, as well as a discussion on where we stand now and what to look for in the years ahead.

Team EthicalHatModern Computer Security Protections from an Attacker’s Perspective
Read More