Georgia Tech recently notified almost 1.3 million people about a potential breach of sensitive data, and in some cases, including a social security number. Over a four month period, there was a vulnerable server that allowed people to enumerate records on a back-end database, allowing the exfiltration of sensitive information. While universities are seen as more open environments, they do have sensitive information they have to protect.Read More
On top of the RDP vulnerability out there, additional Microsoft Windows zero-days are out there, which can exploit enterprises and give attackers full system control. The RDP vulnerability had the potential to be used in a WannaCry like worm.
In the past, a green padlock icon would inform the user that a site is secure and legit, whether it was true or false. Now, that is no longer the case. We are seeing more and more phishing sites using SSL/TLS certificates to try and fool people into thinking that a phishing site is actually legitimate. The appearance of free SSL/TLS certificates, which can be applied with ease (Let’s Encrypt, Comodo and more), allow scammers to harness SSL certificates to their own agenda, giving misguided people the felling of false security.Read More
DNS is one of the single biggest important components to making the global internet work and it is often the most neglected aspects of a network. Invented in the 80's, DNS “just works," but its ease of use has people overlooking the power of using it to protect their customers. DNS offers the first clues to what is going on in your network and is used by criminals to steal data.Read More