The California Consumer Privacy Act was signed into law in 2018 and went into effect on January 1st, 2020. With the EU’s GDPR paving the way, CCPA has a significant impact on how enterprises manage security and compliance for user data, as well as how data breaches are handled.
Simply put, the CCPA gives residents of the state of California greater control over their personal data, requiring companies to be more transparent&…
With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds its way to the dark web for purchase and use. This should NOT be a surprise. 80% of breaches involved stolen or misused credentials¹. And this makes sense … why use advanced attack techniques when stealing credentials and assuming user identities is easier, less detectable, and still works?
Stealthbits leverages the “Have I Been Pwned” breach password dictionary within Stea…
StealthAUDIT, a best-in-class Data Access Governance (DAG) tool, utilizes Windows Management Instrumentation (WMI) extensively to gather various pieces of information from the targeted Windows servers. While local WMI querying is straightforward to implement and troubleshoot, remote WMI querying is another story. Setting up remote WMI query security is a pretty daunting task if you are not willing to use an account that is either part of the Domain Administrators group or Local Administr…
Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years. Seemingly, the sensitive data definition is simple: sensitive data is any information that needs to be protected. What that really means though is often dependent on the nature of the business conducted by an organization and even more so, the responsible governing body.
What is Considered Sensitive Data?
T…
Identifying Administrative Privileges Across IT Resources
Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in the hands of the wrong user or an attacker can lead to a variety of undesirable outcomes, including data breaches, infrastructure outages, and compliance failures. Although Privileged Access Management (PAM) is recognized by CISOs and security pro…
Data breach. There are few times when two simple words evoke so many fearful thoughts in the mind of a C-level executive.
How did it happen?
What was taken?
What are we going to do?
Who was responsible?
There are many routes an organization may explore in terms of breach mitigation, but let us start at the beginning. This blog will cover some of the simple basics of a data breach – what it is, ways they are caused, etc. – and some simple steps that an organization can …
As part of a sound security structure, one of the most basic things a company can do is implement a principle of least privilege model within their organization. This blog will explain what this means and how this security model can strengthen your security posture.
Principle of Least Privilege Definition (POLP)
The principle of least privilege stems from the idea that users should only have access to the resources that they need so they can adequately perform the duties that they are requi…
If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often interacting with you without your knowledge.
In this blog, I will take you through a 101 primer on browser cookies. For a more in-depth look at how they may affect the security of your IT environment, I invite you to read Jeff Warren’s blog on that…
SMBGhost
What Happened?
This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far as the severity of vulnerabilities goes. The version affected specifically is 3.1.1, which is a more recent version. They mention that this can be exploited by an unauthenticated attacker who sends a specially crafted pack…
Million-dollar ransomware payouts, government protection, and ease of access will continue to fuel the growth of cybercrime.
Imagine coming to work and turning on the computer only to see a message that says “repairing file system on C:” or “oops, your important files are encrypted” demanding a payment in bitcoin to decrypt them.
A typical message displayed during a Ransomware attack
When you read the headlines of six-figure ransomware payouts, you might begin to wonder how hacker g…