Featured content

A fact of life for many Chief Data Officers (CDOs) is that once you’ve achieved certain milestones in your data strategy, your focus will inevitably shift to a new milestone challenge. This shift usually means a new strategy and vision. The hard part is figuring out what your new strategy will be. How will you get there?

This article is part of the series "Penetration Testing Explained". Check out the rest: Part I: Risky Business Part II: RATs! Part III: Playing with RATs and Reverse Shells Part IV: Making the Lateral Move Part V: Hash Dumping and Cracking Part VI: Passing the Hash Part VII: Exfiltration and Conclusions

Ransomware’s Early Days The first documented and purported example of ransomware was the 1989 AIDS Trojan, also known as PS Cyborg1. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected diskettes labeled “AIDS Information – Introductory Diskettes” to attendees of the World Health Organization’s international AIDS conference.

If you’re a regular reader of our blog, you know that we feel that the perimeter is dead, and that the battle against insider (and outsider) threats is won with User Behavior Analytics (UBA), which is why we’re so excited to announce the launch of Varonis UBA Threat Models in beta release of 6.2.5.

This article is part of the series "Penetration Testing Explained". Check out the rest: Part I: Risky Business Part II: RATs! Part III: Playing with RATs and Reverse Shells Part IV: Making the Lateral Move Part V: Hash Dumping and Cracking Part VI: Passing the Hash Part VII: Exfiltration and Conclusions

I barely scratched the surface of penetration testing in my own blogging, and I’ve already amassed a long list of resources. So rather than withhold any longer, I’ll spill the beans in this initial roundup.

We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of Counter Hack, sought-after instructor at the SANS Institute, creator of NetWars CyberCity, and winner of the US Army’s Order of Thor Medal.

This article is part of the series "Penetration Testing Explained". Check out the rest: Part I: Risky Business Part II: RATs! Part III: Playing with RATs and Reverse Shells Part IV: Making the Lateral Move Part V: Hash Dumping and Cracking Part VI: Passing the Hash Part VII: Exfiltration and Conclusions

This article is part of the series "Penetration Testing Explained". Check out the rest: Part I: Risky Business Part II: RATs! Part III: Playing with RATs and Reverse Shells Part IV: Making the Lateral Move Part V: Hash Dumping and Cracking Part VI: Passing the Hash Part VII: Exfiltration and Conclusions

In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR, NIST, and SANS, to reel off just a few four- or five-letter abbreviations.

Active Directory security is important because Active Directory(AD) represents the keys to the kingdom. Imagine that box where your store all of the physical keys to every door in the office building. AD is just like that box, but for every computer, software application, and service you run on your entire network. You keep that physical box of keys protected and secured – or you should – and you need more security to protect AD from cyber attacks.

European regulators are serious about data protection reform. They’re inches away from finalizing the General Data Protection Regulation (GDPR), which is a rewrite of the existing rules of the road for data protection and privacy spelled out in their legacy Data Protection Directive (DPD). A new EU data world is coming!