Seeing Red
Recently, I asked my Lares mates to comment on a red team (RT) architecture post I stumbled upon. A volley of responses ensued with the conclusion: “That’s a…
The Transition from ACET to InTREx-CU for Credit Union Examinations
The National Credit Union Association (NCUA) Chairman Rodney Hood discussed changes to the credit union (CU) CyberSecurity and Technology examination…
The Gathering of the Vulnerability Wranglers 2.0 (VW 2.0) panel debuts today on InfoSecWorld’s 2020 Digital event. As a content leadership advisor for InfoSecWorld USA, I have had the pleasure of hosting and moderating the…
Fear, Trepidation, and Resistance
In our scoping calls, it is not uncommon to sense fear and trepidation on the part of the buyer or upper management regarding the exercise. Customers resist…
What Could Possibly Go Wrong?
I once contracted out a firm to perform a pentest to satisfy our annual pentest for our PCI-DSS requirements. We went through the phases of…
Sextortion Attempt in My Inbox
The sextortion hoax economy has a pulse. On Easter, during our modified annual family gathering and carefully coordinated and socially-distanced egg hunts with neighbors…
We are pleased to announce that Lares team members Andrew Hay and I (Mark Arnold) appear in the Tribe of Hackers (ToH) Security Leaders edition, the 3rd in the…
Not so, Naughty?
Have bad actors had a change of heart? While most ransomware operators continue their relentless attacks against operators to target healthcare organizations during the pandemic, a handful…
Follow Up: Tricks, Trolls, and Securing the Home Worker
In our recent blog about securing home workers, we drew attention to the impact of social engineering and the spread of…
By now, you are most likely working from home for purposes of social distancing. Call it whatever you will, ‘shelter in place,’ ‘hunkering down,’ or ‘self-quarantine,’ we have all been…