• Blog

  • Hafnium Exchange Server Attacks

    Hafnium is a threat actor group actively targeting Exchange Servers with Outlook Web Access (also known as "OWA") available from the Internet. The underlying problem is a set of zero-day exploits in Microsoft Exchange. These exploits allow the Hafnium threat actors to gain access to and[...]

    C2M2 Cybersecurity Maturity Model

    The C2M2 capability maturity model is a framework for measuring the maturity level of your security program. Another popular approach is the CMMI (Capability Maturity Model Integration). The CMMI measures 5 levels of maturity on a scale of 1-5. CMMI defines the following maturity levels for [...]

    With recent guidance and initiatives from the government about cyber security, organizations have been taking action to determine where they are at from a security perspective and what steps they need to take to better protect their digital assets. We help answer that question with security maturity[...]

    Why You Should Use a Password Manager

    A password manager is an application that allows you to securely store and keep track of your usernames and passwords. This is important because you shouldn't be using the same password across multiple sites. When you use the same password across multiple sites and one of them gets breached, your [...]

    Top Cyber Security Risks for Businesses

    Cyber security risks are something most organizations are struggling to figure out. What I see happening in a lot of organizations is a lack of understanding of what bad things can happen and what the impact will be. The reasons for this differ across organizations, but the most common reasons I [...]

    IDOR Vulnerabilities

    February 15, 2021

    IDOR vulnerabilities are a common problem we see during web application penetration tests. Insecure direct object references (IDOR) are a type of access control vulnerability that occurs when a web application uses user-supplied input to access objects directly. The OWASP Top 10 in 2013 listed [...]

    Penetration Testing in Oklahoma City

    Penetration testing is a service Crossroads Information Security offers that tests the effectiveness of the security controls in your organization. Our penetration testing services have three options to choose from: Red Team Engagement: This is the traditional approach to penetration testing. Our [...]

    Privacy and the move to Signal

    Signal just experienced a boost to its user base due to WhatsApp's recent policy changes. The need for privacy seems to be the main driver for this sudden rush to Signal, but what is the issue with privacy and how did we get here? Let's take a look at the story around privacy. From my [...]

    Securing Your Network on a Budget

    Securing your network on a budget is a challenge most organizations face. Questions come to mind such as: Are we investing enough in information security? Are we over investing in information security? What are other companies like ours investing? What are our competitors doing for information [...]

    How to Catch a Hacker

    January 14, 2021

    How to catch a hacker is a question that I get on a regular basis. Your success in catching a hacker largely depends on your preparation before you are hacked. Traditional incident response is the typical way of catching a hacker, but in some cases that approach is cost prohibitive. When a [...]
