Countermeasures

The Vulnerability That Keeps On Giving: Seven New Variations of Spectre and Meltdown Discovered

Meltdown and Spectre Overview On January 8, 2018, Revolutionary Security reported on Meltdown and Spectre, which are kernel-level vulnerabilities impacting the processing of unauthorized local memory. These vulnerabilities take advantage of a CPU feature called “speculative execution,” which is leveraged by the CPU to optimize performance by running tasks that may not actually be required. The vulnerabilities reported in January take advantage of speculative execution and trick the processor to leak data returned from other applications under certain circumstances. The [...]

Cyber Intelligence Leads to Resiliency

Security by Compliance Within this blur of a technology driven society, time and time again we see companies that have designed a security operations center to meet their compliance needs, and yet still appear on the evening news as being a victim of a cyber attack.  Security’s goal, protecting the digital assets of an organization from attacks, differs from that of compliance, which is ensuring that the organization meets regulatory requirements. For examples of how an organization may be compliant with [...]

Everyone Knows Your Wi-Fi Password…Eventually

A good network administrator knows that a strong Wi-Fi password is crucial. Some even put up with the hassle of regularly scheduled password changes. However, not everyone has a deep understanding of why it is dangerous to deviate from these procedures. Knowing how Wi-Fi passwords are compromised can help convince administrators to use and stick to these best practices. Having a basic understanding of brute-force cracking can help them select a password that will be resilient to this type [...]

Validating Security Controls and Countermeasures with Penetration Testing

It’s been a few weeks and the dust is starting to settle following the reported data breach in September 2017 at Equifax, one of the big three credit reporting agencies. While other major data breaches have been the result of advanced methods possibly utilizing leaked classified attack techniques, this attack was performed by exploiting a well-known vulnerability within a popular web application. Although this vulnerability had a corrective software patch available, it was not applied to the vulnerable servers. In [...]