Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE
Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Blog >Security

Browsed By
Category: Security

What is Sensitive Data?

Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years. Seemingly, the sensitive data definition is simple: sensitive data is any information that needs to be protected. What that really means though is often dependent on the nature of the business conducted by an organization and even more so, the responsible governing body. What is Considered Sensitive Data? T…

Auditing Administrator Access Rights

| Adam Laub | | Leave a Comment
Identifying Administrative Privileges Across IT Resources Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in the hands of the wrong user or an attacker can lead to a variety of undesirable outcomes, including data breaches, infrastructure outages, and compliance failures. Although Privileged Access Management (PAM) is recognized by CISOs and security pro…
Bypassing MFA with Pass-the-Cookie

Bypassing MFA with Pass-the-Cookie

| Jeff Warren | | Leave a Comment
Multi-factor Authentication (MFA) is a great way to increase security on web applications, remote desktop sessions, VPN, and virtually anywhere a user can log into. By introducing one or more additional factors into the authentication process you can prove somebody actually is who they say they are, and prevent a significant amount of impersonation and credential-based attacks.  However, when adopting and implementing MFA technology it is important to understand exactly what it d…
What is a Data Breach And How to Prevent One

What is a Data Breach and How to Prevent One

Data breach. There are fewer times that two simple words invoke so many fearful thoughts in the mind of a C-level executive. How did it happen? What was taken? What are we going to do? Who was responsible? There are many routes an organization may explore in terms of breach mitigation, but let us start at the beginning. This blog will cover some of the simple basics of a data breach – what it is, ways they are caused, etc. –  and some simple steps that an organization can …
What is the Principle of Least Privilege (POLP) - Definition and Best Practices

What is the Principle of Least Privilege (POLP)? – Definition and Best Practices

As part of a sound security structure, one of the most basic things a company can do is implement a principle of least privilege model within their organization. This blog will explain what this means and how this security model can up your security stature. Principle of Least Privilege Definition (POLP) The principle of least privilege stems from the idea that users should only have access to the resources that they need so they can adequately perform the duties that they are requi…
What Are Browser Cookies And How Do They Work?

What are Browser Cookies and How do They Work?

If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often interacting with you without your knowledge. In this blog, I will take you through a 101 primer on browser cookies. For a more in-depth look at how they may affect the security of your IT environment, I invite you to read Jeff Warren’s blog on that…
SMBv3 Vulnerability Explained

SMBv3 Vulnerability Explained

| Kevin Joyce | | Leave a Comment
SMBGhost What Happened? This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far as the severity of vulnerabilities go. The version affected specifically is 3.1.1, which is a more recent version. They mention that this can be exploited from an unauthenticated attacker who sends a specially crafted pack…
What is a Data Breach And How to Prevent One

What is a Ransomware Attack?

| Todd Kovalsky | | Leave a Comment
Million-dollar ransomware payouts, government protection, and ease of access will continue to fuel the growth of cybercrime. Imagine coming to work and turning on the computer only to see a message that says “repairing file system on C:” or “oops, your important files are encrypted” demanding a payment in bitcoin to decrypt them. A typical message displayed during a Ransomware attack When you read the headlines of six-figure ransomware payouts, you might begin to wonder how hacker g…

What is SMBv1 and Why You Should Disable it

| Kevin Joyce | | Leave a Comment
Eternally Affected What is SMB? Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and to the point. SMBv1 Back in the 1980s and 1990s IBM and Microsoft were working on implementations of SMB to improve and build upon the protocol. Microsoft actually pushed to rename SMB to Common Internet File System (CIFS) and added a bunch of…
An Oracle DBA's Guide to Microsoft SQL Server Security

An Oracle DBA’s Guide to Microsoft SQL Server Security

| Sujith Kumar | | Leave a Comment
In today’s world, it is quite common for companies to use more than one type of relational database platform to host enterprise applications.  If you are an old-time Oracle DBA like me and are asked to administer Microsoft SQL Servers in addition to Oracle databases, the task can be pretty daunting from a SQL Server security perspective.  In this blog, I will try to explain the differences and similarities between the Oracle and SQL Server security models.  The difference in security mode…

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!


Loading

© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL