Collaborate Disseminate
I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…
The post Real or Fake? How to Spoof Email appeared first on TrustedSec.
1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278. In the blog post, Charlie extensively covered the background of the vulnerabilities, how the vulnerabilities were weaponized into Rubeus, with help from Ceri Coburn (@_EthicalChaos_), the full ‘attack chain,’ mitigations, and some detections….
The post An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278 appeared first on TrustedSec.
Continue reading An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278
On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden…
The post How we’re making sense of CMMC 2.0 appeared first on TrustedSec.
Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…
The post Reducing Merchant Scope to Ease the Compliance Burden appeared first on TrustedSec.
Continue reading Reducing Merchant Scope to Ease the Compliance Burden
Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…
The post The Backup Paradigm Shift: Moving Toward Attack Response Systems appeared first on TrustedSec.
Continue reading The Backup Paradigm Shift: Moving Toward Attack Response Systems
In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you….
The post Strength Training With Transport Cryptology: Part 2 appeared first on TrustedSec.
Continue reading Strength Training With Transport Cryptology: Part 2
I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new…
The post Strength Training With Transport Cryptology: Part 1 appeared first on TrustedSec.
Continue reading Strength Training With Transport Cryptology: Part 1
For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…
The post Yes, It’s Time for a Security Gap Assessment appeared first on TrustedSec.
Continue reading Yes, It’s Time for a Security Gap Assessment
TrustedSec has been approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (https://www.cmmcab.org/) as a Registered Provider Organization. In line with our mission of increasing the security posture of organizations around the world, TrustedSec is pleased to be a part of the program aimed at improving and ensuring the security maturity of the Defense…
The post TrustedSec Approved as a CMMC Registered Provider Organization! appeared first on TrustedSec.
Continue reading TrustedSec Approved as a CMMC Registered Provider Organization!
TrustedSec works with clients of all sizes on Cybersecurity Maturity Model Certification (CMMC) readiness engagements, but recently we’ve received a few questions on how smaller organizations can help to offset some of the costs related to CMMC compliance. There are three (3) typical paths for small organizations to obtain financial assistance regarding CMMC activities. We…
The post CMMC Small Business Funding Roundup appeared first on TrustedSec.