Optiv Blog

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 13

· By Joshua Platz · 0 Comments

Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

Continue reading 0 Shares

No One Plans to Fail, but Many Fail to Plan

· By Dawn-Marie Hutchinson · 0 Comments

In the information security community, we talk often about incident response plans and the need to conduct regular tabletop exercises. Where we fail is to prepare at the enterprise level. What happens when your corporate policy prohibits retainer services for technology work, but you need a technical first-response team? What is your enterprise approval policy for high dollar value expenditures?

Continue reading 0 Shares

Tax Season Attacks – Part 3, Shoulder Surfing

· By Tallal Ibad, Nicolle Neulist · 0 Comments

Shoulder surfing certainly is not the most technical form of identity theft, but it has been an effective means to commit fraud. Shoulder surfing is the practice of looking over someone’s shoulder to get information. A casual glance from behind, or a quick look at paperwork on a desk, can be enough for an attacker to obtain passwords, credit card data, PINs, and other personal and financial data. It is low-tech, but it works.

Continue reading 0 Shares

Reducing Your Personal Attack Surface

· By James Robinson · 0 Comments

Many of us are consumers of technology, I would consider myself in the upper echelon of this group. I own multiple laptops, desktops, servers, cloud-based workstations, tablets, mobile devices, smart fashionware and social media accounts, to name a few. But, with this enthusiasm and love for the newest gadget or tool to stay connected comes a new risk – one that organizations have been fighting for years, and the consumer is starting to face. This is the risk of your personal attack surface.

Continue reading 0 Shares

Always Use Protection

· By Michael Soto · 0 Comments

The pace at which security exploits are being discovered on mobile operating systems is skyrocketing. They’re also having a major impact on device security, performance, and in some circumstances, can render your device useless and irreparably damaged. I’ll say it again. Your device can be rendered useless and irreparably damaged.

Continue reading 0 Shares

iOS 9 Updates and Apple iPhone Hardware Upgrades

· By Ping Look · 0 Comments

With the release of the new iPhone 6s/6s Plus last Friday, and the launch of iOS 9 the previous week, many people are eager to buy and/or download the latest and greatest from Apple. But with any upgrades, it is important that you also take time to upgrade your settings to increase your privacy and security. Below is a comprehensive list we recommend you implement if using iOS 9 on any of your devices.

Continue reading 0 Shares

How Not to Obfuscate Passwords in Code

· By Tim MalcomVetter · 0 Comments

Software programs, from client-server to web to mobile, often need credentials to access a resource like a database or a web service. Storing these passwords is not an easy task, since there are so many potential threats. If one of those threats is an adversary able to disassemble your compiled code, well … all bets are probably off.

Continue reading 0 Shares

Pull My Finger...print

· By Michael Soto · 0 Comments

It appears yet another Android vulnerability has been identified that is worthy of mention. As you may know, a few days ago at the Black Hat conference, new methods to exfiltrate fingerprint data from Android devices were revealed.

Continue reading 0 Shares

How Not To Prevent CSRF in a RESTful Service

· By Tim MalcomVetter · 0 Comments

Last Friday, Bluecoat and CERT published security advisories for vulnerabilities in the administrative interface of the Bluecoat SSL Visibility Appliances, now patched in version 3.8.4-15 (CVE-2015-2852, CVE-2015-2853, CVE-2015-2854, and CVE-2015-2855). Since FishNet Security originally identified these vulnerabilities, this will be the “inside baseball” report on some of the details we have been sitting on while the products were fixed.

Continue reading 0 Shares

East-West Visibility: Seeing the Peripheral Threats

· By Tyler Mullican · 0 Comments

East-west visibility refers to the ability to see traffic or malicious activity that is contained within your network. After an internal or external attacker has gained access to your network, seeing, detecting and tracking their actions is paramount to reducing the likelihood of exfiltration of data. The need to gain visibility has become apparent as traditional defenses alone are unable to keep pace with attackers.

Continue reading 0 Shares
(104 Results)