Protect Your Data With Super Easy File Security Tricks!

Protect Your Data With Super Easy File Security Tricks!

Data security is an all-encompassing term. It covers processes and technologies for protecting files, databases, applications, user accounts, servers, network logins, and the network itself. But if you drill down a little in your thinking, it’s easy to see that data security is ultimately protecting a file somewhere on your system—whether desktops or servers. While data security is a good umbrella term, we need to get into more details to understand file security. File Security…

min read 0

Most Popular

GDPR Requirements in Plain English
Master Fileless Malware Penetration Testing!
Active Directory: Difference Between Windows and Azure AD
Top Podcast Episodes

Get the latest security news in your inbox.

Americans and Privacy Concerns: Who Do We Trust?

Americans and Privacy Concerns: Who Do We Trust?

Who do Americans trust with their information? In light of massive data breaches, Americans have doubts about the safety of their personal data. Events like the Facebook Cambridge Analytica hack that affected 87 million Facebook profiles and the Marriott data breach that exposed data of up to 500 million guests are enough to get anyone guessing who they can trust with their sensitive information. Consumer mistrust is also prevalent when companies aren’t clear about the…

min read 0
right to be forgotten hero

Right to be Forgotten: Explained

The “Right to be Forgotten” (RTBF) is a key element of the new EU General Data Protection Regulation (GDPR), but the concept pre-dates the latest legislation by at least five years.  It encompasses the consumers’ rights to request that all personal data held by the company —or “controller” in GDPR-speak — be removed on request.  But it goes further: the GDPR rules (see its article 17 ) says that search engines (like Google) have to…

min read 0
hacker motives hero

Hacker Motives: Red Flags and Prevention

Hackers are getting savvier. They’re constantly finding new ways to abuse system vulnerabilities and sneak into our networks. The worst part? The likelihood of a cyber attack is now higher than a home invasion. Most people don’t notice when their data has been compromised until it’s too late. The silver lining is that the rise in attacks allows us to analyze the patterns hackers follow and strengthen our defenses. Major cybersecurity attacks of the past…

min read 0

For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
min read 0
C-Level, Data Security

CEO vs. CISO Mindsets, Part IV: Monte Carlo Breach Cost Modeling for CISOs!

by  in C-Level, Data Security
My main goal in this series is to give CISOs insights into CEO and board-level decision making so they can make a winning case for potential data security purchases. In my initial dive last time, I explained how CISOs should quantify two key factors involved in a breach: the frequency of attacks, and then the probability that the breach itself exceeds a certain cost threshold. Knowing these two ingredients (and that there are numbers or…
min read 0
Data Security

DHS Emergency Directive 19-01: How to Detect DNS Attacks

by  in Data Security
On January 22, 2019, the United State Department of Homeland Security (DHS) released a warning for a DNS infrastructure hijacking attack against US government agencies. Let’s dig into the specifics of the DHS warning and look at how you can better protect and monitor your DNS services. What is a DNS Infrastructure Hijacking Attack? The Emergency Directive 19-01 calls this attack a DNS Infrastructure Hijacking attack. DHS says that the attackers stole user credentials powerful…
min read 0
Data Security
DNS domain name system

What is DNS, How it Works + Vulnerabilities

by  in Data Security
The Domain Name System (DNS) is the internet’s version of the Yellow Pages. Back in the olden times, when you needed to find a business’ address, you looked it up in the Yellow Pages. DNS is just like that, except you don’t actually have to look anything up: your internet connected computer does that for you. It’s how your computer knows how to find Google, or ESPN.com, or Varonis.com. For two computers to communicate on…
min read 0
Compliance & Regulation
PCI compliance

What is PCI Compliance: Requirements and Penalties

by  in Compliance & Regulation
PCI compliance is a set of standards and guidelines for companies to manage and secure credit card related personal data. The major credit card companies – Visa, Mastercard, and American Express – established Payment Card Industry Data Security Standards (PCI DSS) guidelines in 2006 in an effort to protect credit card data from theft. Experts say credit card fraud costs businesses billions of dollars each year in the United States. It should be obvious that…
min read 0
Data Security

Varonis Version 7.0

by  in Data Security
Version 7.0 of the Varonis Data Security Platform is here – featuring new cloud support and advanced threat detection and response capabilities: new event sources and enrichment; out-of-the-box threat intelligence applied to Varonis security insights; and playbooks that arm customers with incident response plans right in the web UI so customers can easily follow best-practice responses to security incidents.  New Dashboards Highlight Cloud, Active Directory and GDPR Risks Active Directory risk dashboards, GDPR dashboards, and Office 365 dashboards offer at-a-glance visibility…
min read 0
Data Security
Illustration of guy with red blindfold over his eyes

12 Most Disregarded Cybersecurity Tasks

by  in Data Security
Used for strategic planning, process improvement and reaching customers, data is just as important as a company’s other resources like employees or inventory. You could even say, data is gold. This golden data is also in high demand for competing companies and the malicious individuals that can profit from stealing and selling trade secrets. With the importance and abundance of data available today, the stakes of not having a comprehensive cybersecurity program in place in…
min read 0
C-Level, Compliance & Regulation

Wyden’s Consumer Data Protection Act: How to Be Compliant

by  in C-Level, Compliance & Regulation
Will 2019 be the year the US gets its own GDPR-like privacy law? Since my last post in this series, privacy legislation is becoming more certain to pass. Leaders from both parties are now saying they will focus on privacy in 2019. Consider yourself warned! I’ll continue my journey from last time into the Wyden legislation since it’s a good baseline. Sure there are other bills, but they share some common elements. I’ve already discussed Wyden’s…
min read 0
Data Security

How To Use PowerShell for Privilege Escalation with Local Computer Accounts

by  in Data Security
What is Privilege Escalation? Privilege escalation is when an attacker is able to exploit the current rights of an account to gain additional, unexpected access. While this can be caused by zero-day vulnerabilities, state-level actors crafting attacks or cleverly disguised malware most often it’s a result of a simple account misconfiguration. From there, attackers can escalate through a series of small vulnerabilities that when chained together result in a potentially catastrophic data breach. Why Shouldn’t…
min read 0
Data Security
smb port hero image

What is an SMB Port + Ports 445 and 139 Explained

by  in Data Security
The SMB protocol enables “inter-process communication,” which is the protocol that allows applications and services on networked computers to talk to each other – you might say SMB is one of the languages that computers use to talk to each other. How Does The SMB Protocol Work? In early versions of Windows, SMB ran on top of the NetBIOS network architecture. Microsoft changed SMB in Windows 2000 to operate on top of TCP and use…
min read 0
Data Security
how major companies find leaks hero

How Major Companies Find Leaks

by  in Data Security
Serious data leaks are increasingly prevalent in the news. We mostly hear about the immediate impact of those leaks and the steps taken to fix them, but how much do we actually know about how companies find and prevent these leaks? A lot of companies require employees to sign non-disclosure agreements (NDAs) to legally hold leakers accountable, but this isn’t the most effective method to prevent leaks. Major corporations like Google and Apple also take…
min read 0
Data Security

Varonis Gets Lightning Fast with Solr

by  in Data Security
Any security practitioner that has had to perform forensic analysis on a cybersecurity incident likely describes the process as “searching for a needle in a stack of needles.” Even Tony Stark’s magnet isn’t going to help. Anyone who has used a SIEM or any other monitoring system to figure out how gigabytes of data was stolen knows how difficult that task can be. Varonis leverages Solr to optimize and streamline the process of analyzing data…
min read 0
Data Security
what is mimikatz hero

What is Mimikatz: The Beginner’s Guide

by  in Data Security
Benjamin Delpy originally created Mimikatz as a proof of concept to show Microsoft that their authentication protocols were vulnerable to attack. Instead, he inadvertently created one of the most widely used and downloaded hacker tools of the past 20 years. Rendition Infosec’s Jake Williams said, “Mimikatz has done more to advance security than than any other tool I can think of.” If you’re tasked with protecting Windows networks, it’s essential to keep up with the…