ProCircular Information Security Experts Corner

Multi-Factor Authentication

Posted by Scott Taft on Jul 23, 2019 10:35:00 AM

At this point, everyone has probably heard a speech about how important it is to have a strong password. It is true that a strong password is extremely important in preventing an attacker from guessing or cracking it. However, it does not help against those annoying and ever-present phishing attacks when a user unknowingly hands over their password. And unfortunately, it’s almost inevitable that this will happen. This means that there will always be a question about the security of a password.

Read More

Topics: Cybersecurity, Information Security, Personal Data Protection, Passwords

Where the Holes Aren't

Posted by Zach Zaffis on Jul 16, 2019 11:19:00 AM

Let’s just say there’s a lot to learn from history without quoting Sun Tzu… again. Especially in information and cybersecurity. While much of the birth of cyber realm revolves around the military - many of the members of our community are current or former members of various armed forces - many of us still refer to the military influence of old when working through our business planning and various actions revolving around cybersecurity. A great example is the common use or reference to Boyd’s OODA (Observe–Orient–Decide–Act) loop flow chart in both attack and defensive security applications. In sticking to a military theme, I want to touch on a story from World War II and its applicability in today’s modern cybersecurity world.

Read More

Topics: Cybersecurity, Network Security, Information Security, Penetration Testing

LLMNR & NBT-NS Spoofing

Posted by Dawson Medin on Apr 30, 2019 2:09:00 PM

During a penetration test, we’ve found that a common (and easy) way to gather credentials and gain an initial foothold on the client’s network is to perform a Man-in-the-Middle poisoning attack abusing LLMNR & NBT-NS. Depending on how active users are on the network, this attack can give an adversary valuable information almost immediately. Fortunately, with a little knowledge, this attack can be easily remediated.

What is LLMNR & NBT-NS? 

Read More

Topics: Cybersecurity, Network Security, Information Security, hacking

Cybersecurity: Real vs. Checking the Box

Posted by Brandon Blankenship on Feb 28, 2019 3:38:00 PM

The reason we wear our seat belts is not to avoid getting a ticket from the police, but rather to avoid a potential injury in a car accident. This analogy is an easy way to describe the difference between box-checking security and real security, and it's instantly understood regardless of technical knowledge. This message resonates with executives, because they typically prefer to “get to the point” and correctly protecting their data is “the point” of cybersecurity.

Read More

Topics: HIPAA, Information Security, consumer security, Data Security, Data Protection, Vulnerability Assessment, it risk assessment, DFARS, cybersecurity plan, NIST

From the Front Lines of Malware Detection

Posted by Bryan Prather-Huff on Jan 24, 2019 3:24:18 PM

Everyone has (or should have) an anti-virus solution. It's probably barked at you once or twice for downloading a file from a sketchy website or opening a link from an email you didn't quite recognize. But how does your anti-virus know what programs are bad, and what programs are good?

Read More

Topics: Cybersecurity, Information Security, Incident Rsponse, security incident handling, security incident response, cybersecurity plan, SIEM

ProCircular is a Full-Service Information Security Firm

We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of inforamtion. We can assist you no matter where you are in your security maturity journey:

  • Breached or hit with ransomware?
  • Don't know where to start? 
  • Looking to confirm your security with a third party?

Secure your future with ProCircular.

Recent Posts

Subscribe to Email Updates