-
Data Security
Jun 17, 2020
Windows Defender Turned Off by Group Policy [Solved]
Picture this scenario: You log into your computer on any random Thursday, and Windows Defender won’t start. You manually kick it off, and you get the message “Windows Defender is turned off by group policy.”
Michael Buckbee
2 min read
-
Data Security
Jun 17, 2020
PowerShell for Pentesters: Scripts, Examples and Tips
In case you haven’t noticed, we’ve been championing PowerShell as a pentesting tool in more than a few blog posts. One big reason to learn PowerShell and use it to find security holes in your own IT systems is … that’s exactly what hackers are doing themselves! They’re leveraging PowerShell to run “file-less” malware, which are non-binary files that can’t easily be detected by anti-virus (AV) solutions.
Michael Buckbee
5 min read
-
Data Security
Jun 17, 2020
Add Varonis to IAM for Better Access Governance
Managing permissions is a colossal job fraught with peril, and over-permissive folders are the bane of InfoSec and a hacker’s delight. Many organizations employ IAM (Identity Access Management) to help manage and govern access to applications and other corporate resources.
Michael Buckbee
2 min read
-
Data Security
Jun 17, 2020
What is CASB? All About Cloud Access Security Brokers
Cloud Access Security Brokers (CASBs) are security applications that help organizations manage and protect the data stored in the cloud. Gartner advises organizations to find a “Goldilocks” CASB solution — one that provides just-right capabilities for SaaS applications and cloud infrastructure.
Michael Buckbee
4 min read
-
Data Security
Jun 17, 2020
Cerber Ransomware: What You Need to Know
What is Cerber? Cerber ransomware is ransomware-as-a-service (RaaS), which means that the attacker licenses Cerber ransomware over the internet and splits the ransom with the developer. For a 40% cut of the ransom, you can sign up as a Cerber affiliate and deliver all the Cerber ransomware you want. Most ransomware doesn’t use this service paradigm. Typically, an attacker would adapt and deliver the ransomware and keep all of the money. By setting up Cerber as RaaS, the developer and partner are able to send more attacks with less work.
Michael Buckbee
2 min read
-
Data Security Security Bulletins
Jun 17, 2020
Capital One's Cloud Breach & Why Data-Centric Security Matters
Capital One’s breach of more than 100 million customer records is making headlines around the world. The sheer number of stolen records, including social security numbers, credit card applications, and more, places the breach near the top of a growing list of recent mega-breaches.
Rachel Hunt
1 min read
-
Data Security
Jun 17, 2020
What is UEBA? Complete Guide to User and Entity Behavior Analytics
UEBA can stand for either “User and Event Behavior Analytics” or “User and Entity Behavior Analytics.” It extends an earlier type of cybersecurity practice – User Behavior Analytics, or UBA – which uses machine learning and deep learning to model the behavior of users on corporate networks, and highlights anomalous behavior that could be the sign of a cyberattack.
Michael Buckbee
13 min read
-
Data Security
Jun 16, 2020
Sysmon Threat Analysis Guide
In my various pentesting experiments, I’ll pretend to be a blue team defender and try to work out the attack. If you have good security eyes, you can search for unusual activities in the raw logs — say a PowerShell script running a DownloadString cmdlet or a VBS script disguised as a Word doc file — by scrolling through recent activity in the Windows Event Viewer. It’s a major headache. Thankfully, Microsoft has given us Sysmon to make the threat analysis task far more straightforward.
Michael Buckbee
19 min read
-
Data Security
Jun 15, 2020
What is SIEM? A Beginner’s Guide
SIEM is now a $2 Billion industry, but only 21.9% of those companies are getting value from their SIEM, according to a recent survey.
Michael Buckbee
5 min read
-
Data Security
Jun 15, 2020
What is DNS TTL + Best Practices
DNS TTL (time to live) is a setting that tells the DNS resolver how long to cache a query before requesting a new one. The information gathered is then stored in the cache of the recursive or local resolver for the TTL before it reaches back out to collect new, updated details.
Michael Buckbee
9 min read
-
Data Security
Jun 03, 2020
Microsoft Office 365 File Sharing Guide: OneDrive and SharePoint Tips
Microsoft is pushing Teams – part of Office 365 – hard, and they report adoption rates that outpace Slack. You might not realize that Teams lives on top of SharePoint Online, and you could exacerbate an already complicated and risky SharePoint file sharing problem unless you take preventative measures.
Michael Buckbee
8 min read
-
Privacy & Compliance
May 29, 2020
Cybersecurity Maturity Model Certification (CMMC) Guide
The United States Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base (DIB). This piece will cover the concept of a maturity model in the context of cybersecurity, key depictions of the DIB, the anatomy of CMMC levels, and how Varonis can fast-track certification.
Michael Buckbee
6 min read