Posts
Cybersecurity Reporting Act Ratified
On Tuesday, as part of the omnibus bill, President Biden signed into law the Cybersecurity Reporting Act. This act requires companies operating in critical infrastructure to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours after they discover they are under cyberattack. It also requires these same companies to report to the […]
Time to Check with Your EDR Vendor
This month (January 2022), a team of researchers at the University of Piraeus, working in the informatics department, devised, and ran a series of tests to determine the state of Endpoint Detection/Response (EDR) systems as a follow up to a previously released paper. The researchers chose four attack methods that are found in the “wild,” […]
Getting Ready for Round Three
In the wake of the Solar Winds upstream attack we find ourselves in the midst of the ProxyLogon attacks on Microsoft Exchange servers. Both of these have a high penetration in their field of victims (18,000 for Solar Winds and 400,000 for ProxyLogon). But there’s more to come and the third round is going to […]
A Singular Key to Security
In this series of articles I am going to introduce a method of security that is rarely employed by individuals or companies, but provides great protection from both local and remote exploits. It is extremely good because it renders automated attack code, and even previously written hacking tools, useless. It has been in the arsenal […]