Main Menu
  • Filter:
image
Blog

Impact and Mitigation of the KRACK WiFi Vulnerability

A vulnerability has been disclosed in the most popular and recommended security protocol for WiFi networks: WPA2. The weaknesses, discovered and documented by Mathy Vanhoef, may change the way your...

image
Blog

The Fear of a Zero Day

Recently, the security community has been enthralled—simultaneously terrified and fascinated—with a set of new attack tools that have leaked. Within this set, a number of tools were designed to exploit...

image
Blog

Ransomware Worms Force Your Hand: Patch or Layer Security

Friday, May 12th, the “WannaCry” network worm joined the ranks of Conficker and Code Red. It’s infected tens of thousands of systems worldwide, and climbing. Among those victimized were England’s...

image
Blog

A Dangerous Shift in Ransomware Targeting

There’s good news for commentators that really “phoned it in” on their 2017 predictions: ransomware is becoming even more of problem. While you’ll be hard pressed to find analysts who...

image
Blog

Malware Removal Software Company Identified as Acting on the Behalf of Russia: What Does it Mean for You?

President Obama issued an executive order recently in response to address Russia’s cyberattacks against the United States. There are sanctions against Russian individuals and entities, and a number of Russian diplomats...

image
Blog

Compliance Alone Won’t Save You: The Next Attack Will Hit Harder Than the Last

This past weekend, the San Francisco Municipal Transportation Authority (SFMTA) was hit with a ransomware attack that left it unable to process payments for rides. The SFMTA was forced to...

image
Blog

Strengthening Your Cyber Resilience: Six Questions to Ask Yourself

As a former network administrator and IT Manager, I’ve spent most of my IT career defending networks from the bad guys along with keeping the daily IT ship afloat. Take...

image
Blog

Four More Years and Four Hundred Pounds of “You’re On Your Own”

Last night at Hofstra University, at the first of three scheduled presidential debates in 2016, Lester Holt introduced a segment of questions on “Securing America”. While as an avid consumer...

image
Blog

Lessons Learned from Exploiting IoT in the Enterprise

Over the past year, the HORNE Cyber penetration testing team conducted advanced penetration tests of organizations in many different sectors: from healthcare, financial services, and manufacturing to food production and...

image
Blog

Delta Airlines and the Security of Critical Infrastructure

Last week, I had the pleasure of joining Elizabeth Wharton on her radio show, Buzz Off with Lawyer Liz, to talk about the security of critical infrastructure, specifically as it relates...

image
Blog

Secure Penetration Testing Operations

Just a few months ago, my team found the back door of a network left open by a previous penetration tester for one of our clients. Unfortunately for this client,...

image
Blog

Highlights of DEF CON 24

After last week’s blog covering the upcoming presentations at Black Hat USA, I had a number of requests for our take on the DEF CON 24 schedule (immediately following Black Hat,...

image
Blog

6 Talks We’re Looking Forward to at Black Hat USA

A number of us at HORNE Cyber are attending Black Hat USA's briefings on August 3rd and 4th. I am looking forward to sharing my work on conducting more secure penetration...

image
Blog

Rising to the Challenge of Pen Testing ICS

Many organizations, including portions of our national critical infrastructure, rely on industrial control systems (ICS) and supervisory control and data acquisition systems (SCADA) to automate critical processes. This includes manufacturing,...

image
Blog

Immediate Crisis in Healthcare Information Security

After reading the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, the overwhelming themes of the study were clear to me: Breaches are so common that no...

image
Blog

When Your "Insider Threat" Isn’t an Insider

A classic urban legend and horror movie trope involves the hapless victim being repeatedly terrorized by creepy and threatening phone calls. When the police are called, they begin to trace...

image
Blog

HORNE Cyber at Black Hat USA 2016

Wednesday evening, I was notified that my proposal for a talk at the Black Hat USA 2016 Briefings (August 3rd and 4th) was accepted by the review board, composed of...

image
Blog

10 Takeaways from the 2016 DBIR

Even if you’ve never read Verizon’s Data Breach Investigations Report (DBIR), you’ve been exposed to it. Among the proposals, marketing materials, and whitepapers generated by the information security industry, it’s...

image
Blog

Hacking for Humiliation: The Nightmare You Wake Up To

Since this past weekend I have followed the story of an activist hacker, “Phineas Phisher,” who publicly posted a detailed write-up of an illegal attack he carried out last year...

image
Video

Understanding Cyber Attacks

Organizations typically do not find a hacker on their network for 4-7 months. So, how do you identify an attack and effectively defend your organization?

image
Whitepaper

The Practical Guide to Security at Conferences

Conferences are Target-Rich Environments for Private and Nation-State Intelligence Gathering. 

image
Whitepaper

Secure Penetration Testing Operations

Following previous presentations on the dangers penetration testers face in using current off-the-shelf tools and practices (Pwn the Pwn Plug and I Hunt Penetration Testers), this paper and presentation explores how widely available learning materials used to train penetration testers lead to inadequate protection of client data and penetration testing operations.