So the Defense (also known as Blue team) has been inundated with spam, the goal of the spam(for the hackers) is for an unsuspecting user to give up their credentials(username and password). Hackers are always trying to get your usernames and passwords. Opening a word document? What if it included a small file that is … Read more
NIST 800-171 Compliance actually means DFARS Cybersecurity requirements must be met. The NIST 800-171 requirements have always vexed small manufacturers due to the specific wordiness, so the NIST (National Institute of Standards and Technology) has been trying to make this easier to understand with the following pdf: https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf This is an important paragraph: from pdf Executive … Read more
Outsourcing is good, since we cannot specialize in everything we can focus on sales or inventory instead of mundane tasks. So what is important and what is mundane? That depends on your business… most businesses are not a software company, so obtaining software needs by outsourcing may be smart. Then the question is should you … Read more
This could make many “thought safe” Wi-Fi routers not so Here is where paying attention to new attacks is important. hashcat.net has the information: This attack does not even need a full EAPOL 4-way handshake, EAPOL stands for Extensible Authentication Protocol(EAP) over LAN. A simple 4-way handshake is shown pictorially below (from hitchhikersguidetolearning.com) This means that … Read more
Does the definition of unknown make measuring risk also unknown? Let’s assume a cloud account has been created on Amazon Cloud(AWS – Amazon Web Services) or elsewhere (Rackspace, Azure, or Google cloud) This cloud account will always be the Achilles heel of your Internet presence. I.e. if someone gets a hold of he main account … Read more