Patching SIGRed: Windows CVE-2020-1350

In the July 2020 Patch Tuesday release, Microsoft has patched 13 critical and 83 important vulnerabilities, but one CVE in particular is getting the lion’s share of the attention. CVE-2020-1350, nicknamed “SIGRed,” targets DNS components in the Windows operating system and is particularly troubling because it can spread from machine ...
BlueLeaks: Putting Out an APB for Appropriate Password Policies

In yet another blow to law enforcement, data belonging to over 200 police departments, some of which is highly sensitive, has been leaked online in the so-called BlueLeaks collection. The BlueLeaks data amounted to more than 270GB of information and includes highly sensitive information such as routing and bank account numbers, ...
Why It Takes 10x Longer to Patch Than It Does to Exploit

Less than 10% of vulnerabilities will ever be exploited in the wild. That’s the good news. The bad news? Of those that are weaponized, it will only take 7-14 days after CVE disclosure for an exploit to be made available, but it will take your organization (yes, yours) 85-100 days ...
Your Login Credentials Are Worth $0.00005

Breach Risk
Hacking group Shiny Hunters has gained quite a bit of notoriety in recent months by stealing, and then selling, credentials for a broad range of organizations. In total, the group’s user record haul stands at just over 174,000,000 accounts, all of which have been placed for sale on the dark ...
Why Hackers Live With Their Moms

hacker
If you've never read Freakonomics, by Stephen Dubner and Steven Levitt, I highly recommend that you check it out. If ever it was possible for economics to be made highly entertaining, Freakonomics accomplishes that feat. Written in 2005, it's a bit old, but still highly relevant and fascinating ...
Why NIST Wants You to Remove Complexity from Your Password Policies

passwords
8 characters, special symbol, lower, upper, no repeating and a 90 day max. Try singing the de facto standard password policy and it sounds remarkably similar to the popular McDonald's Big Mac song of the 80's (for those too young, or too old, to remember, "two all beef patties, special ...

5 Signs It’s Time to Hire Balbix for Vulnerability Management

In my last post, I provided 5 reasons why your vulnerability management solution might need to be fired. If you need to improve your enterprise security posture, the outdated approach of traditional vulnerability management tools likely isn't fitting the bill. Balbix was engineered to overcome the shortcomings of vulnerability management ...

5 Signs it’s Time to Fire Your Vulnerability Management Solution

It may sound strange, but when we purchase a product or service, we do so because we expect it to do a job. We "hire" it. As long as it fulfills the need, it continues in our employ. If, at some point, the product no longer fulfills that need, or ...

8 Most Common Attack Vectors

An attack vector is defined as the method or way by which an adversary can breach or infiltrate an entire network/system. There are numerous ways that adversaries can exploit system vulnerabilities, and attack vectors enable that exploitation ...