3 Years Later: The Equifax Breach

On September 7, 2017, Equifax issued a breach notification. What was breached? Personal records for a staggering 145 million Americans, including Social Security Numbers, birth dates, addresses, and more. Before the end of the month, Equifax’s CEO, CIO and CSO had all left the company. Eventually, the company would pay ...
You’re Going to Want to Patch CVE-2020-1472 (Zerologon) ASAP

CVE-2020-1472, aka “Zerologon,” is making the news this week as a particularly troubling vulnerability. So troubling, in fact, that the US Department of Homeland Security has issued a directive that all Federal Agencies must have patched their Windows Servers by Monday, September 21, 2020, because it is a “vulnerability [that] ...
How to Quickly Identify and Mitigate New and Changing Cyber Risks

Our customers often mention when we first meet that “we want to get away from days of delay that go by between a request for risk info and the response, and then action to mitigate the risk.” A series of events happened during the most recent Patch Tuesday at one ...
The 20 Most Severe CVEs in Microsoft’s September 2020 Patch Tuesday Update

Fresh off the three day Labor Day weekend, many of you are dealing with the September 2020 release of Microsoft’s monthly Patch Tuesday updates. There are 129 updates in this month’s roll-up, a slight increase over the 120 released in August. Of those, 32 CVEs can be executed by attackers ...
Breach Risk Minimization for Under-Resourced Teams

CISOs that have enough budget and enough people on their teams have always been about as rare as hen’s teeth, but a confluence of challenges in today’s environment has made resource constraints even more painful for information security teams. Three particularly acute pain points for today’s CISOs include: Explosion of ...
Top 9 Vulnerabilities With No Assigned CVE Number

The acronym CVE has become synonymous with vulnerability. And perhaps rightly so – it’s a convenient, unique identifier that makes it easy for people to exchange information about the vulnerability, and the state of that vulnerability within an organization. Unfortunately, the CVE system can be very misleading because, while it ...
6 Factors to Consider in Evaluating CVE Importance

You just finished reviewing the latest report from your vulnerability scanner and surprise, surprise, way more vulnerabilities reported than your vulnerability management program can hope to mitigate. As always. So what’s an enterprising infosec professional to do? Prioritizing based on CVSS Scores is the most common approach, one that your ...
Exploited in the Wild, It Took Microsoft 734 Days to Patch this Vulnerability

On August 5, 2018, a malware sample, now known as Glueball (CVE-2020-1464), targeting Microsoft Windows was uploaded to VirusTotal. Upon investigating the issue, the sample was forwarded to Microsoft for further investigation. In January, 2019, VirusTotal published a blog post about the issue, wrapping up by stating that, “Microsoft has ...
Two CISOs Pay $400k for Security, Yet One Spends 10x More. How?

New survey data shows that the majority (55%) of cybersecurity budgets are allocated towards reactive, rather than proactive, tools. Ask any infosec professional and they’ll tell you that a solid infosec strategy requires both reactive and proactive strategies, but could shifting this spend in the other direction result in organizations ...
6 Keys to Ensuring Remote Employee Security

There are some amazingly high profile architectural landmarks that were meant to be temporary in nature. Believe it or not, famous structures such as The London Eye, the original Ferris Wheel, the San Francisco Palace of Fine Arts, and even the iconic Eiffel Tower, were all temporary structures that lived ...