It seems it is not so hard to hire a hacker for evil. Several articles discuss the how and why: http://bgr.com/2015/01/16/how-to-hire-a-hacker/ There is even a website that apparently had so much traffic that it bogged down with traffic. NakedSecurity article: https://nakedsecurity.sophos.com/2015/01/19/hackers-for-hire-hackers-list-for-those-with-no-ethics-or-espionage-skills/ Notice how much traffic some evil is creating, and it is the little “projects” … Read more
Massive cyberattacks, difficult configurations? what to do from here? All I have is some unusable data to the hackers – what is important about our stuff. We are inundated with cyberattacks in the news and more terrorist attacks (beheadings, shootings, death etc.) We have to have intent of protecting our assets to the best of … Read more
1. Obtain a technology that will be able to see the attacker trying to communicate with the attack software(malware etc) in your network. This system should have the capability to remove network traffic if it does not pass your rules. The NGFW Next Generation FireWall with an included Intrusion Prevention System(IPS) can get this job … Read more
We know the problems with the Anthem Breach: no encryption But does it mean you should encrypt your data? What does it mean to “encrypt the data” What if your data is “stolen” with correct credentials, i.e. if someone has the username and password then it is over, whether the data is encrypted matters … Read more
Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more