Matt Pascucci

So You want to Work in Cybersecurity, eh?!

There is a massive need for cybersecurity professionals today and the need is only growing. We’ve seen estimates of anywhere between 2-3 million vacant jobs over the next three years. The demand is definitely bullish and showing no signs of stopping. With this being said, breaking into an industry is ... Read More
Matthew Pascucci

Why a Zero-trust Network with Authentication is Essential

Zero-trust networks are often deemed compromised and untrusted, making authentication variables essential to security. Expert Matthew Pascucci explains a zero-trust security model. In the past, we’ve done a great job of making networks accessible. But with this increased availability, we’ve opened the door for attackers to move more easily around ... Read More
CISO Roundtable

First Annual Long Island CISO Roundtable

Two weeks ago CCSI held its first annual CISO Roundtable to discuss cybersecurity trends, issues and solutions. The conversation was focused on how local CISOs are currently handling security from an executive level. In attendance were ten cybersecurity leaders on Long Island who brought years of experience and expertise to ... Read More

LDAP injection: How can it be exploited in an attack?

Joomla is a popular content management system that accounts for almost 3% of all websites on the internet, and it has been downloaded over 84 million times. A static analysis organization called Rips Technologies recently found it to be vulnerable to an LDAP injection vulnerability. This vulnerability was in the ... Read More

BlueBorne vulnerabilities: Are your Bluetooth devices safe?

Last month, a series of Bluetooth vulnerabilities was discovered by research firm Armis Inc. that enables remote connection to a device without the affected users noticing. The vulnerabilities were reported on Android, Linux, Windows and iOS devices. These vendors were all contacted to create patches for the BlueBorne vulnerabilities and worked ... Read More

How can Windows digital signature check be defeated?

Recently, it was determined by a SpecterOps researcher, Matt Graeber, that there is a way to bypass a Windows digital signature check by editing two specific registry keys. This is an important discovery because Windows uses digital signature protection to validate the authenticity of binary files as a security measure. Digital ... Read More

Active Cyber Defense Certainty Act: Should we ‘hack back’?

Recently, a bill was proposed by Georgia Congressman Tom Graves named the Active Cyber Defense Certainty Act, which has now gone on to be called the hack back bill by individuals in the cyber community. This bill is being touted as a cyberdefense act that will enable those who have ... Read More

iOS updates: Why are some Apple products behind on updates?

A new study from mobile security vendor Zimperium Inc. showed that nearly a quarter of the iOS devices it scanned weren't running the latest version of the operating systems. If Apple controls iOS updates, and enterprise mobility management vendors can't block them, then why are so many devices running older ... Read More

PGP keys: Can accidental exposures be mitigated?

Recently, security researcher Juho Nurminen attempted to contact Adobe via their Product Security Incident Response Team (PSIRT) regarding a security bug he wanted to report. Instead, he stumbled across something much more vulnerable. It turns out that Adobe not only published their public key on their website, which is used to ... Read More

VMware AppDefense: How will it address endpoint security?

VMware recently added a new service called AppDefense to their cybersecurity portfolio that aims to lower false positives and utilize least privilege in order to secure endpoints living on the host. VMware also has NSX to create microsegmentation on the network layer, which can integrate into AppDefense. However, with AppDefense, ... Read More