PROCIRCULAR BLOG

Educating your business on the importance of cybersecurity

Benefits Of Web App Penetration Testing & Ethical Hacking

Posted by Lindy Trout on Apr 28, 2022 8:59:20 AM

How does a new application transition from being theoretically secure to real-world secure? Security controls are necessary, but it’s even more important to ensure they are implemented, enforced, and hardened correctly before the application is exposed to the internet. Start with a Web Application Penetration Test to reveal the most critical areas for improvement and outline a clear path to securing those vulnerabilities. This assessment is performed similarly to an External & Internal Network Penetration Test; an ethical (white hat) hacker scours your site (or network) for low-hanging fruit and hidden weaknesses, so you can put up the right defenses before the hackers in the wild have a chance to attack!


Topics: Penetration Testing

Legality of Ransom Payments

Posted by Aaron R. Warner on Feb 1, 2022 3:44:30 PM

As clients begin to recognize and prepare against the threat of ransomware attacks, one tricky question keeps coming up: is paying a ransom “illegal yet”? No company is champing at the bit to make unplanned payments, especially not to potential terrorists on the OFAC list, but the legality of the matter depends on a few factors. *Please note that ProCircular does not provide legal advice; rather, we disseminate guidance from the top legal authorities.

As a cybersecurity professional and business owner, I keep a close eye on the ever-changing recommendations surrounding ransomware attacks and incident management. I found the following document to be one of the more up-to-date (at least by government standards) and straightforward pieces available on the topic. Here's the short version:

“In the context of hostage-taking, for example, DOJ clarified in 2015 that it ‘has never used the material support statute to prosecute a hostage’s family or friends for paying a ransom for the safe return of their loved one.’”

Basically, there is a low likelihood of prosecution for making ransom payments, even when they are paid to a known threat actor on the OFAC denied persons list. I would only expect to see legal action taken if a very large company went through with the payment while it was expressly illegal. Even then, the punishment would be intended to make an example rather than punish the victim.


Topics: Incident Response, Ransomware

How To Prepare A Cyber Security Incident Response Plan & Incident Response Team For A Cyber Attack

Posted by Joey Marinello on Jan 13, 2022 11:22:24 AM

New cyberattacks are discovered every single day. Organizations should not be considering if they will be attacked, but rather when they will be attacked and what proactive measures must be taken to ensure the company will survive.


Topics: Incident Response

When in doubt, try "Password123" - How I guessed your password

Posted by Mike Hedlund on Dec 10, 2021 2:56:13 PM

During a penetration test, login credentials are a highly sought-after item. While it is common to harvest that information via email scams (phishing attacks), it is not always the most practical or effective tactic to gain unauthorized access. That access, however, still requires a valid set of credentials. This poses a challenge. How does an attacker find valid accounts without social engineering? There are two main options: breached credentials and password spraying.


Topics: Cybersecurity, Network Security, Data Protection, Personal Data Protection, Security Awareness Training, Passwords, Monitoring

Top 4 Cybersecurity Risks of Mergers and Acquisitions (M&As)

Posted by Brandon Blankenship on Nov 11, 2021 10:58:22 AM

Buying a risky or vulnerable company is avoidable, and what you don't know can hurt you. Even with insurance or financial indemnification, cybersecurity breaches represent significant capital investment and brand risk. Cyber-related compliance requirements are often poorly understood and difficult to detect; they introduce reputational risk and cost time with outside auditors.


    ProCircular is a Full-Service Information Security Firm

    We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of information. We can assist you no matter where you are in your security maturity journey:

    • Breached or hit with ransomware?
    • Don't know where to start? 
    • Looking to confirm your security with a third party?

    Secure your future with ProCircular.
