PROCIRCULAR BLOG

Educating your business on the importance of cybersecurity

When in doubt, try "Password123" - How I guessed your password

Posted by Mike Hedlund on Dec 10, 2021 2:56:13 PM

During a penetration test, login credentials are a highly sought-after item. While it is common to harvest that information via email scams (phishing attacks), it is not always the most practical or effective tactic to gain unauthorized access. That access, however, still requires a valid set of credentials. This poses a challenge. How does an attacker find valid accounts without social engineering? There are two main options: breached credentials and password spraying.

Read More
0 Comments Click here to read/write comments

Topics: Cybersecurity, Network Security, Data Protection, Personal Data Protection, Security Awareness Training, Passwords, Monitoring

How to Spot and Stop Today's Malicious Emails

Posted by Dawson Medin on May 3, 2021 9:35:29 AM
Phishing Attacks
During a phishing attack , attackers use social engineering and malicious emails to steal valid credentials from users. Attackers can use these credentials to begin more complicated attacks, or they can bundle and sell them to other cybercriminals . The attacker s lie about their identity and objectives to collect login information from unassuming victims or to get them to download malicious content . These emails might ask you to enter your password into a spoofed login page or send that information directly back to the sender . Although these scams are well - known, they are occasionally hard to spot, and they have a high rate of success . If you don’t encounter many of these emails, they may be caught in your junk folder. If this is the case, your email filtering is working effectively and removing potentially harmful phishing attempts. There is no reason to recover phishing emails from a junk folder.
 
Extortion Attacks
Extortion emails work a little differently . In this increasingly popular type of attack, the hackers claim to already have access to some sensitive information. That information could include anything from login credentials to embarrass ing photo s. Whatever they choose is something designed to prompt an urgent and desperate reaction from the recipient. In the email, they lay out what they have against their target, then threaten to blackmail them for money.
These types of emails are des igned to be scary. They are supposed to make the victim feel so frantic that they act without thinking. If you ever receive a threatening extortion email, remain calm and report it t hrough the proper channels. In this post, we’ll break down a poorly writte n extortion email that was sent to my junk folder.
Read More
0 Comments Click here to read/write comments

Topics: Information Security, Data Protection, Personal Data Protection

Using an Interactive Cross-site Scripting Backdoor

Posted by Bill Thomas on Feb 26, 2021 3:29:48 PM

As a cybersecurity engineer and an unapologetically enthusiastic “web guy,” I have both a personal and professional interest in finding new exploitation methods. Recently, I found an interesting and creative way to control a browser by exploiting a cross-site scripting (XSS) vulnerability. I learn by doing, so I executed the concept to see it work in practice. Without spoiling too much, I was very pleased with the results! This attack uses nothing more than Netcat and some clever XSS injection code. For those unfamiliar with Netcat, it’s a networking utility that reads and writes data across network connections.

Read More
0 Comments Click here to read/write comments

Topics: Network Security, Data Protection, Penetration Testing, hacking

What is a Cybersecurity Consultant?

Posted by Lindy Trout on Oct 22, 2020 12:50:18 PM

How do you know if you have a solid cybersecurity program? You may have anti-virus installed and you change your computer password quarterly, but how do you know if your security program is truly effective? When you can’t see your gaps, it’s hard to make improvements and even harder to pick up the pieces after a security breach. That’s why Cybersecurity Consultants, like ProCircular’s Andrew Chipman, collect all the information they can, then measure your active security controls against their library of applicable standards.

Read More
0 Comments Click here to read/write comments

Topics: HIPAA, Information Security, Data Protection, it risk assessment, DFARS, Manufacturing, risk

The Importance of Password Entropy

Posted by Josh Magri on May 30, 2019 12:12:30 PM

If you’re reading this, it’s very likely that you know how to use the internet. It’s also likely you’ve made an account on the internet somewhere. When you created your last account, what kind of requirements were you forced to use? For a number of web services, these requirements still follow the 2003 NIST SP 800-63 Appendix A standards that recommend an 8-character minimum, containing one uppercase, one lowercase, one digit, and one special character (Ex: Procircular1!).

Read More
0 Comments Click here to read/write comments

Topics: Cybersecurity, Data Protection, Personal Privacy, hacking, NIST, Passwords

All posts
  • There are no suggestions because the search field is empty.

ProCircular is a Full-Service Information Security Firm

We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of inforamtion. We can assist you no matter where you are in your security maturity journey:

  • Breached or hit with ransomware?
  • Don't know where to start? 
  • Looking to confirm your security with a third party?

Secure your future with ProCircular.

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates