Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Blog >Search

Featured Blog

Easily Prevent More Breaches by Simply Preventing Bad Passwords

| Rod Simmons | | Leave a Comment
A recent cyber-attack on the Canadian government was successful because of a well-known attack technique, credential stuffing. If you’re not familiar, credential stuffing is just taking credentials from one breach and using it to compromise a new organization.  It is successful because 62% of people reuse personal passwords on work systems. News of this attack broke on Monday, August 17, 2020, and it highlights how real the cyberattack risk is for every organization. T…

The Growth of Global Data Privacy Laws – Beyond GDPR & CCPA

| Dan Piazza | | Leave a Comment
The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving their personally identifiable information (PII…

NTFS File Streams – What Are They?

NTFS file streams, also known as alternate data streams (ADS), are part of every file, as well as directories (folders), in a Windows NTFS volume.  NTFS files and folders are comprised of attributes one of which is $Data.  The content we normally associate with a file such as the text in a .txt file or the executable code in a .exe file is stored in the ‘default’ $Data attribute or ‘stream’.  The name string of this default attribute is empty (set to “”) thus it is often refer…

Data Subject Access Requests (DSAR) – How to Prepare & Respond

| Dan Piazza | | Leave a Comment
A term popularized by the EU’s General Data Protection Regulation (GDPR), a Data Subject Access Request, also known as a DSAR, is an individual’s right to request information on personally identifiable information (PII) an organization has gathered about them, how that organization is using that data, and who that data has been shared with. PII includes names, social security numbers, phone numbers, behavioral data, and more; pretty much anything that can be used to identify a specific indiv…

‘Just-in-Time’ (JIT) – What Does it Mean and How Does it Get Misused?

Just-in-Time, JIT, or just plain old ‘Just in Time’; however you say it, we all understand its meaning – “at time requested” – it’s not a difficult concept. Unfortunately, like anything else, the definition blurs when you start adding context; in this case specifically, Privileged Access Management (PAM). JIT can mean a lot of different things to different people, so let’s come to some common ground around the Just-In-Time (JIT) term. What it is and what it is not? Every…

Types of Azure Storage: Blobs, Files, Queues, Tables, & Disks

Azure Storage is Microsoft’s cloud platform for scalable, modern data storage. If the number of options overwhelms you, then keep reading. Each Azure storage offering will be broken down into simple terms, while also addressing other things to consider when choosing a solution. To make things easier for users, Azure Storage offerings are: Cloud-basedDurableHighly availableSecureScalableManagedAccessible However, there’s not just one storage solution that fits all workflows. First, w…

Pro Tip – StealthINTERCEPT DB Maintenance Best Practices

It is important to monitor the size of the NVMonitorData SQL database that is used by StealthINTERCEPT (SI) to store the event data it collects. In production environments, the event dataset can grow significantly over time.  If left unchecked this DB growth will lead to excessive disk space usage and slowing performance over time inserting new event data.  In addition, users can encounter slow performance reporting data via either the SI Console or the Web Reporting modu…

What is an Access Link in SharePoint Online?

This is what it looks like to create an access link, in this blog I will explain which settings affect what options are available on these link creation pages. SharePoint is all about collaboration and sharing, and in the SharePoint Online cloud, giving access to resources is a bit different than the traditional method of giving a user or group access to something. In SharePoint Online access is primarily controlled via Access Links which can …

NIST Password Guidelines in 2020

| Dan Piazza | | Leave a Comment
What are NIST Password Guidelines? Since 2014, the National Institute of Standards and Technology (NIST, a U.S. federal agency) has issued requirements and controls for digital identities, including authentication, passwords (known as “memorized secrets”), and more via Special Publication 800-63B. The latest revision (rev. 3) was released in 2017, with updates as recent as 2019. Revision 4 is currently open for comment and review, however, revision 3 is still the standard as of the time o…

Lateral Movement to the Cloud with Pass-the-PRT

There are several well-documented ways attackers and malware can spread laterally across Windows servers and desktops.  Approaches like pass-the-ticket, pass-the-hash, overpass-the-hash, and Golden Tickets continue to be effective lateral movement techniques.  Lateral movement has become increasingly present in targeted ransomware threats, such as Ryuk and WastedLocker.  And as if that wasn’t enough to worry about, new research has…

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!

 

Loading

© 2020 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL