Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
07.10.23How DirectDefense Compromised a Banking Institution’s Help Desk and Member Services Using a Phone Social Engineering Attack + 5 Common Vishing Pitfalls to Avoid Cyber criminals will stop at nothing to steal personal and confidential information from their target. In recent years, many high-profile attacks have leveraged targeted phone social engineering attacks, known as vishing.… Read more »
06.13.23How DirectDefense uncovered weaknesses in a municipality’s SCADA systems and a need for SCADA network segmentation A large municipality enlisted the services of DirectDefense to perform a Critical Infrastructure Assessment of the SCADA network controlling their water and electric services. During the SCADA assessments, our team identified several weaknesses that demonstrated the need for SCADA… Read more »
05.09.23How to Prevent Credential Stuffing with IPv6 Protocol Security Third-party software security risks are created when third-party vendor products lack security, giving attackers wide open access to your organization’s networks and databases. When a vendor has access to your network, including customer and corporate information, your own company’s security doesn’t cover all the gaps, so… Read more »
03.07.23Plus: 10 Tips to Keep Your Organization Out of the Red A financial institution enlisted our services to perform a Red Team assessment – an effective approach to simulate a real-world threat actor attempting to compromise an organization from the outside in. Using an email phishing campaign combined with a physical breach, DirectDefense consultants uncovered… Read more »
02.21.23How DirectDefense accessed sensitive financial and personal data through injection vulnerabilities The best defense against injection attacks is to secure legacy applications by leveraging an app security assessment. Got a legacy app? Then listen up: Legacy applications can be particularly susceptible to injection attacks and organizations should take immediate action to remediate this vulnerability before… Read more »
02.14.23Using Simulated Security Attacks to Test Network and Physical Vulnerabilities DirectDefense was asked by an airline to conduct security testing through simulated security attacks to help identify vulnerabilities that could put the airline’s data and operations at risk. As part of the engagement, DirectDefense: Spoiler Alert: Through effective tactics, like tailgating, we were able to… Read more »
10.06.22DirectDefense conducted cyber penetration tests for a municipality and found some significant gaps within the SCADA network.
08.17.22How We Were Able to Alter API Settings that Control Energy Production During a recent security assessment of an Application Programming Interface (API) that dynamically manages the energy resources for a large energy utility and allows external client devices to communicate with end devices that sit behind the API server, DirectDefense was able to gain… Read more »
07.27.22DirectDefense conducted a physical security test at a utility company and was able to have their run of the business – and a Tesla.
07.13.22DirectDefense assessed the security of MQTT traffic – the transfer of data to a SCADA system, ultimately controlling critical infrastructure.
