Authentic8 Blog Category: Cloud Browser

Do You Have What It Takes to Prevent Ransomware?

Posted by: Andrew Maguire
Published on:

Malicious software has nearly always been a factor to consider when it comes to managing the IT environment. Have we learned the right lessons?

*

I remember going on calls to a credit card company early in my career, as a then-time field engineer, to diagnose issues that had cropped up on several Dell PCs.

Back in 1991, these were basic PCs with floppy drive systems and 10MB hard disk drives - state-of-the-art desktops at the time, monochrome screens and all.

After some analysis, we concluded that the systems were infected with a virus, a rare occurrence at the time. The Michelangelo virus was just days away from executing, and our options to remove it were limited.

Only two vendors existed to clean malware, and the software had to be downloaded using a 1200 baud modem from a bulletin board. Usually, one vendor or the other would detect and remove the small number of malware samples in the wild at the time. Thankfully,

How to Secure Your Content Management System (CMS)

Posted by: Guest Contributor
Published on:

By Derek Handova

Content management systems present attractive targets for cybercriminals and state-sponsored adversaries. E-commerce sites, investor relations pages, and HR portals are just three examples where CMS vulnerabilities can cause severe reputational and financial harm.

The CMS offers multiple attack surfaces for targeting commercial or public sector entities. How can IT, administrators, creative personnel, and developers ensure CMS security?

*

In 2018 alone, more than 18 million CMS users suffered security breaches. 73.2 percent of well-known websites managed with WordPress, the most widely used CMS, contained vulnerabilities exploitable through common attacks.

Which security approaches would effectively protect CMS owners, their network, their business, and their customers? To answer this question, we have to confront the issue that many data breach vulnerabilities lie within the surface layer of the websites themselves.

There, threat actors can insert malicious code without website owners even knowing about it. For example, RiskIQ recently reported that JavaScript vulnerabilities in CloudCMS and Picreel web service scripts allowed the

How to Conduct Social Media Investigations and Remain Anonymous

Posted by: A8 Team
Published on:

How can professional investigators securely conduct research on social media without exposing their organization? Authentic8’s Nick Finnberg, OSINT training specialist and former intelligence analyst, shared insights and tradecraft insights, tips and tools at a webinar on social media investigations.

*

There are more than 3.5 billion active social media users across the world. Facebook, Instagram, Twitter, LinkedIn, Reddit, 8chan and Co. can be a treasure trove for law enforcement, fraud investigators, corporate security specialists, and Open Source Intelligence (OSINT) analysts. Provided, that is, the researchers have tools at their disposal that are up to the task.

That’s a big IF. Online investigators need to be able to quickly and efficiently collect, save, and collaboratively analyze data while maintaining adequate operational security (OpSec). This often poses a challenge, because they also grapple with budget constraints, inadequate online tools with inherent security vulnerabilities, and an acute shortage of properly trained cybersecurity personnel.

How to safely, effectively, and anonymously use social media for

GDPR Outlook: After First Record Fines, What’s Next?

Posted by: A8 Team
Published on:

Following the record penalties for Google, British Airways and Marriott under the European Union's General Data Protection Regulation (GDPR) by French and British data privacy commissioners, which industry or sector will the EU's privacy watchdogs home in on next?

European GDPR enforcement actions are just getting up to speed. All indications point to more rough waters ahead for large transnationals with a presence in the EU.

In their third conversation on the state of GDPR, Scott Petry, co-founder and CEO of Authentic8, explores with Steve Durbin, Managing Director of the UK-based Information Security Forum (ISF)

  • what impact Brexit may have on GDPR enforcement in the UK
  • how the EU is currently taking aim for the next salvo of sanctions against GDPR violators
  • why apps and tools that touch EU employee data face increased scrutiny.

Will the next headline-worthy penalty hit a US-based company for not sufficiently protecting its EU employee data? Listen to their discussion here:

Did you miss the first two

Morale: Recruitment, Retention, and Browsing

Posted by: Sean Heritage
Published on:

During my tenure as the Commanding Officer of the Navy’s defensive cyberspace operations team, I distinctly remember an exit interview with a civilian teammate. He sat across from me and proudly stated that though he loved our team, he was ready to leave and willing to take a pay cut for the opportunity ahead of him (note: he wasn’t taking a pay cut, but he was willing to).

He enjoyed his teammates, he told me, appreciated his leadership, was motivated by our mission, and felt appropriately compensated. Given that dissatisfaction - and not satisfaction - with any one of those job aspects usually serves as reason people decide to look elsewhere for employment, I was perplexed.

My departing teammate went on to explain: “I am a geek. I love technology. I want to be on a team that uses the latest and greatest hardware and software. I want to be able to connect with the outside world from my desktop.