Your Login Credentials Are Worth $0.00005

Breach Risk
The hacking group Shiny Hunters has gained quite a bit of notoriety in recent months by stealing, and then selling, credentials for a broad range of organizations. In total, the group’s user record haul stands at just over 174,000,000 accounts, all of which have been placed for sale on the dark ...

Why Hackers Live With Their Moms

hacker
If you've never read Freakonomics, by Stephen Dubner and Steven Levitt, I highly recommend that you check it out. If ever it was possible for economics to be made highly entertaining, Freakonomics accomplishes that feat. Written in 2005, it's a bit old, but still highly relevant and fascinating ...

Why NIST Wants You to Remove Complexity from Your Password Policies

passwords
8 characters, special symbol, lower, upper, no repeating and a 90 day max. Try singing the de facto standard password policy and it sounds remarkably similar to the popular McDonald's Big Mac song of the 80's (for those too young, or too old, to remember, "two all beef patties, special ...

5 Signs It’s Time to Hire Balbix for Vulnerability Management

In my last post, I provided 5 reasons why your vulnerability management solution might need to be fired. If you need to improve your enterprise security posture, the outdated approach of traditional vulnerability management tools likely isn't fitting the bill. Balbix was engineered to overcome the shortcomings of vulnerability management ...

5 Signs it’s Time to Fire Your Vulnerability Management Solution

It may sound strange, but when we purchase a product or service, we do so because we expect it to do a job. We "hire" it. As long as it fulfills the need, it continues in our employ. If, at some point, the product no longer fulfills that need, or ...

8 Most Common Attack Vectors

An attack vector is defined as the method or way by which an adversary can breach or infiltrate an entire network/system. There are numerous ways that adversaries can exploit system vulnerabilities, and attack vectors enable that exploitation ...

The 9 Types of Security Vulnerabilities

When a new type of security product hits the market, it doesn't typically belong to a defined "category." Over time, as the product gains widespread use, and as new competitors emerge, a category will be defined. Analysts, journalists, and a wide range of infosec professionals start referring to these products ...

The 3 Reasons CVSS Scores Change Over Time

CVSS scores are numeric representations of the severity of a vulnerability. CVSS scores are composed of three sub-metric groups: CVSS Base Metrics, CVSS Temporal Metrics, and CVSS Environmental Metrics. In most cases, the CVSS score reported in the NIST NVD is only the Base Score. Strictly speaking, the ...

6 Challenges New CISOs Face in Assessing Breach Risk

Week 2 at the new gig as CISO of the hot company you've had your eye on for quite some time. No immediate red flags yet. Your team seems awesome, you're ready to get going as soon as you wake up, and in internal discussions, you've noticed that you are ...

The Top 10 Routinely Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently published the list of the Top 10 Routinely Exploited Vulnerabilities from 2016-2019. The list highlights the vulnerabilities leveraged by foreign cyber actors when targeting both public and private sector organizations. CISA and the FBI have ...