In this series, ProCircular’s team of information security specialists will break down the top cybersecurity risks for small and medium-sized businesses in 2023. How do SMBs prepare for cybersecurity threats and prevent security incidents? Trevor Burke lays out the special precautionsorganizations can take to lower the likelihood of incidents caused by internal threats.
Topics: Data Protection & Privacy, Security Awareness, Advisory & CAP
When in doubt, try "Password123" - How I guessed your password
During a penetration test, login credentials are a highly sought-after item. While it is common to harvest that information via email scams (phishing attacks), it is not always the most practical or effective tactic to gain unauthorized access. That access, however, still requires a valid set of credentials. This poses a challenge. How does an attacker find valid accounts without social engineering? There are two main options: breached credentials and password spraying.
Topics: Data Protection & Privacy, Security Awareness, Monitoring & Detection
Topics: Data Protection & Privacy
As a cybersecurity engineer and an unapologetically enthusiastic “web guy,” I have both a personal and professional interest in finding new exploitation methods. Recently, I found an interesting and creative way to control a browser by exploiting a cross-site scripting (XSS) vulnerability. I learn by doing, so I executed the concept to see it work in practice. Without spoiling too much, I was very pleased with the results! This attack uses nothing more than Netcat and some clever XSS injection code. For those unfamiliar with Netcat, it’s a networking utility that reads and writes data across network connections.
Topics: Data Protection & Privacy, Penetration Testing, Monitoring & Detection
How do you know if you have a solid cybersecurity program? You may have anti-virus installed and you change your computer password quarterly, but how do you know if your security program is truly effective? When you can’t see your gaps, it’s hard to make improvements and even harder to pick up the pieces after a security breach. That’s why Cybersecurity Consultants, like ProCircular’s Andrew Chipman, collect all the information they can, then measure your active security controls against their library of applicable standards.
Topics: Data Protection & Privacy, Healthcare, Manufacturing, Advisory & CAP, Compliance & Governance
