Road bumps in the penetration testing process can result in increased delays that can negatively impact the business and cause further delays to the discovery and remediation of risks. From our observations, there are three things that can cause unnecessary delays.
OpManager offers comprehensive network monitoring capabilities that help you monitor network performance, detect network faults in real time, troubleshoot errors, and prevent downtime. The service was found to suffer from a weak permissions issue in which an attacker can replace the service binary with a binary of their choice. Because the service runs as LocalSystem, this creates a privilege escalation vector.
Security experts are pushing digital users towards more secure password solutions, like the wider use of multi-factor authentication, or towards one-time pads, yet we still haven’t seen anything truly replace passwords. Here we look at an overview of the password and how it may change in the future.
Personal devices access and store personal information that may cause difficulties if the device becomes lost or stolen. In order to protect their devices, friends and family should be encouraged to enable drive encryption.
Security assessments communicate a point-in-time collection of the security vulnerabilities found in an assessment so that the discovered risks can be recreated and properly mitigated. To effectively communicate the assessment results, there are 6 things a solid report must include.
We are pleased to announce that Prescient Security will host a Capture the Flag (CTF) event at InfoSec North America on November 14-15. Stop by the CREST interactive booth area to see if you’ve got the skills to find all of the flags and win prizes!
HIPAA, Sarbanes-Oxley Act (SOX), and PCI/DSS (Payment Card Industry) compliance standards address completely different aspects of your network and information, but a gap in any of them can cause serious pain for any company.
It’s not unknown that if a computer’s inputs are not sanitized, its applications could be vulnerable to various attacks. But during a recent Application Security Assessment, one of our Senior Security Consultants came across an interesting data sanitization insecurity that he says many analysts may be overlooking. Here is his overview of the insecurity and a recommendation on how to mitigate its risks.