Hafnium is a threat actor group actively targeting Exchange Servers with Outlook Web Access (also known as "OWA") available from the Internet. The underlying problem is due to what's called zero day exploits in Microsoft Exchange. These exploits allow the Hafnium threat actors to gain access to and[...]
The C2M2 capability maturity model is a framework for measuring the maturity level of your security program. Another popular approach is the CMMI (Capability Maturity Model Integration).The CMMI measure 5 levels of maturity on a scale of 1-5. CMMI defines the following maturity levels for [...]
With recent guidance and initiatives from the government about cyber security, organizations have been taking action to determine where they are at from a security perspective and what steps they need to take to better protect their digital assets. We help answer that question with security maturity[...]
A Password manager is an application that allows you to securely store and keep track of your usernames and passwords. This is important because you shouldn't be using the same password across multiple sites. When you use the same password across multiple sites and one of them gets breached, your [...]
Cyber Security risks are something most organization are struggling to figure out. What I see happening in a lot of organizations is a lack of understanding of what bad things can happen and what the impact will be.The reasons for this differ across organizations, but the most common reasons I [...]
IDOR vulnerabilities are a common problem we see during web application penetration tests. Insecure direct object references (IDOR) are a type of access control vulnerability that occurs when a web application uses user-supplied input to access objects directly.The OWASP Top 10 in 2013 listed [...]
Penetration Testing is a service Crossroads Information Security offers that tests effectiveness of the security controls in your organization. Our penetration testing services have three options to choose from:Red Team Engagement: This is the traditional approach to penetration testing. Our [...]
Signal just experienced a boost to its user base due to WhatsApp's recent policy changes. The need for privacy seems to be the main driver for this sudden rush to Signal, but what is the issue with privacy and how did we get here? Let's take a look at the story around privacy.From my [...]
Securing your network on a budget is a challenge most organizations face. Questions come to mind such as:Are we investing enough in information security?Are we over investing in information security?What are other companies like ours investing?What are our competitors doing for information [...]
How to catch a hacker is a question that I get on a regular basis. Your success in catching a hacker largely depends on your preparation before you are hacked. Traditional incident response is the typical ways of catching a hacker, but in some cases that approach is cost prohibitive.When a [...]
Newsletter
