Category: Cyber Risk Management

Search

The Impact of Attack Surface Management in Mortgage Servicing

In the constantly evolving financial services landscape, where security threats are significant, and regulatory pressures are abundant, staying ahead is imperative. This case study describes how a leading mortgage servicer (choosing to remain anonymous) overcame challenges and transformed its security posture by implementing an attack surface management program. The organization not

Read More
person typing on keyword

Transferring Visual Studio Projects to MinGW-w64 

As penetration testers and red team operators, we often find ourselves conducting engagements from Linux-based operating systems. This preference is partly due to the compatibility of many offensive security tools with Linux-based environments. Whether you prefer Windows, Linux, or MacOS for your engagements, it would be convenient to perform all

Read More
man holding a lock

From Reactive to Proactive: The Value of Offensive Security 

Threat actors constantly evolve and innovate, leaving organizations vulnerable to attacks from an ever-growing list of tactics and techniques.  While reactive measures like incident response teams and forensic analysis can help mitigate damage after a breach, they leave organizations scrambling to catch up. Alternatively, a proactive approach emphasizes prevention by

Read More

Leveraging ‘Rubeus’ for Active Directory Penetration Testing (Part One) 

The rapidly evolving, complex cybersecurity landscape places Active Directory (AD) at the forefront of many cyber threats. As a crucial component of network infrastructures, AD is targeted by attackers looking to exploit its vulnerabilities. “Rubeus” emerges as a pivotal tool for security professionals, offering advanced capabilities that thoroughly assess and strengthen

Read More
senior leaders managing red team exercise

How Senior Leaders Navigate the World of Red Team Exercises

Cybersecurity threats have become increasingly sophisticated and pervasive. As a senior leader, it is crucial to ensure that your organization has robust defenses in place to protect its sensitive data and systems from potential breaches. One powerful way to assess the effectiveness of these security measures is by regularly conducting

Read More
Password Security

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names, and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically, the passwords will be cryptographically hashed. Hashing a password takes a string of any length (the password

Read More
Security Update

Update on the Apache Log4j Vulnerability

A remote code execution vulnerability (CVE-2021-44228) in the Apache Log4j 2 Java library was announced on December 9th, 2021. The vulnerability has been assigned a Base Score of 10.0 Critical, the highest possible score.  The vulnerability is easily exploited, and proof of concept exploit code was published in the public

Read More
Fix It Gif

VCISO: How We Help “Fix It” the risk3sixty Way

In the vCISO service line at risk3sixty, we see early on in engagements that many of our clients have found themselves caught in a break/fix cycle, which reminded me of an old SNL skit. If you’re not familiar with Saturday Night Live, it’s a sketch comedy show that has a

Read More