Recently Uncovered Linux Security Issues Create Another Wi-Fi Attack Vector

Linux has had long-standing issues with memory leaks. These exposures often give attackers the means to crash devices, create denial of service, and in some cases, extract sensitive data from host devices. A security researcher, Soenke Huster from Germany’s Technical University of Darmstadt, recently reported a buffer overwrite in the Linux kernel mac80211 Wi-Fi […]

Do You Have an Evil Twin?

Top Five Wireless and IoT Threats: Unlike wired networks, wireless networks can be accessed by anyone. Even restricted wireless environments can be penetrated from nearby. Wireless networks host a wide variety of mobile and IoT devices that are difficult to secure. They often have vulnerable interfaces, unprotected storage, hardcoded backdoors, unencrypted communications and insecure pairing procedures […]

Threat Susceptibility: Achieving Cyber Resiliency Goals

Cyber resiliency goals (i.e., anticipate, withstand, recover, and adapt) support the linkage between the risk management decisions at the mission or business process and system levels and the organization’s risk management strategy. To address cyber resiliency, an organization’s risk management strategy needs to include its threat-framing with respect to cyber threats, its strategies for achieving […]

Threat Susceptibility: From Risk Management To Active Defense

In our previous blog post in this series, Threat Susceptibility: Countermeasures and Risk Remediation Options, we continued our MITRE ATT&CK example and focused on identifying mitigations and security controls that were mapped to the TTPs the organization was susceptible to. In this post, we’ll discuss those mitigations and security controls in the context of Risk […]

Threat Susceptibility: Countermeasures and Risk Remediation Options

In the blog post, ‘The Art of Attack vs The Science of Resilience’ Omri wrote “Cyber risk analysis and management is completely dependent on an understanding of how attackers attack in general, and specifically how attack techniques and methods can be used to threaten your organization. That understanding then needs to be translated into an […]

Threat Susceptibility Assessments: Challenges & Opportunities

What are some of the challenges in assessing cyber threat susceptibility? Penetration Testing is probably the most well-known and most used method for assessing threat susceptibility. These human-driven assessments can be very effective, but the results are a snapshot in time. The organization’s attack surface and the cyber threat landscape are constantly changing and evolving. […]

Assessing Risk using Threat Susceptibility

What are the targets of cyber threats? In the NIST cybersecurity framework core function of ‘Identify,’ organizations are tasked to do ‘Asset Management’ where they need to discover and maintain an inventory of assets that are resources to the business. These resources need to be prioritized based on their classification, criticality, and business value. […]

The Art of Attack vs. the Science of Resilience

From personal experience I can definitively say that there is no such thing as 100% cyber security. As we can see from the ever-growing number of cyber attacks, every organization has some weaknesses that cyber attackers can exploit. It is just a question of whether attackers can find them. Cyber attackers think […]

Urgent Update: CVE-2021-44228 Log4j Vulnerability

Summary: On December 9, 2021, a serious vulnerability in the Java-based logging package Log4j was disclosed. This is a remote code execution (RCE) vulnerability, meaning that it allows an attacker to install and execute code on a vulnerable server. The vulnerability is CVE-2021-44228 and it affects version 2 of Log4j between versions 2.0-beta-9 and 2.14.1. It is patched in […]