Author: Gabriel Gumbs

Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies responsible for end-to-end product vision and innovation. With a 16 year tenure in CyberSecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.
File System Attacks – Insider Threat Podcast #9

In the ninth edition of the Insider Threat Podcast Jonathan Sander and I did a little role reversal. I played Zorak to Jonathan’s Space Ghost and was asking the questions – the topic this week is File System attacks. A topic that we have noticed not many struggle with, but one that we increasingly see as an attack vector. Jonathan has been researching these attacks recently and has been blogging about them at length. So we sat down to talk…

The 180 Days Are Over: NYS DFS Cybersecurity Regulation – 23 NYCRR 500

The New York State Department of Financial Services (NYS DFS), announced 23 New York Code Rules and Regulations 500 (23 NYCRR 500), a cybersecurity regulation for all financial institutions doing business in New York. Today marks the end of the first major deadline for this regulation, 180 days after going into effect on March 1, 2017. By now, financial institutions doing business in New York should have a cybersecurity program, cybersecurity policies, a Chief Information Security Officer (CISO), access privileges,…

From Botnets to DACL Backdoors: A Journey through Modern Active Directory Attacks – Part I

In my last blog post, we examined Active Directory (AD) backdoors and how to defend against them. The botnets’ primary communication mechanism relied on abusing AD attributes. Once established, these botnets allow attackers to communicate across internal security controls, exfiltrate data—and most importantly—gain a foothold that is very difficult to detect and remove. All accomplished without one line of malicious code. Now that’s a real life advanced persistent threat…only it isn’t as advanced as nation-state style…

Malware: ILOVEYOU Melissa & still you make me WannaCry

What do the Melissa virus, ILOVEYOU worm and the WannaCry ransomware have in common? After patches were made available, they were still successfully spreading. Secondary storage also played a role in these infections. As malware evolved from nuisance to profit-driven, secondary storage became less of an infection vector and more of an opportunity to ransom data. I choose to highlight Melissa somewhat randomly, but mostly because it was 18 years ago and basic information…

Lucky 13: WannaCry Ransomware and EU GDPR

13 Months. That is the number of months (from the time of this writing) separating the #WannaCry attack from being not just a massive information security “incident” but the single largest test of the EU General Data Protection Regulation (GDPR). We are not going to focus on the WannaCry ransomware in this post though. If you’re interested in my technical breakdown, you can read my previous post. Today, I want to double-click past the malware and…

What you need to know about the WannaCry Ransomware

A large-scale cyber attack (WannaCry ransomware) that began on May 13th has already infected over 230,000 computers in 150 countries, demanding ransom payments in 28 languages – these numbers continue to grow and given the patch for the vulnerability being exploited is only two months old, we are likely to see these numbers increase. The perpetrators of the attack are not yet known, however, the origins are. The infection vector was made “wormable” or…

4 Steps to Ensure NYCRR 500 Compliance

On March 1st, 2017, the New York State Department of Financial Services put into effect new cybersecurity requirements of its ‘covered entities’. Those entities include banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. Within the next 180 days (starting from March 1st 2017), organizations must ensure they have a comprehensive Cybersecurity Program in place, supported by written and implemented Cybersecurity Policies. They also…

LDAP Monitoring for Security

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory (AD). AD, by contrast, is a directory services database, and LDAP is one of the protocols you can use to talk to it. Because Microsoft provides no easy way to monitor LDAP queries, to see the query that was issued and where it came from, insider threat actors can leverage this blind spot to perform reconnaissance activities…

Law Firm Cyber Guidance: Adopting a Least Privilege Model

On the heels of breaches at Cravath Swaine & Moore LLP, Weil Gotshal & Manges LP among others, The Association of Corporate Counsel (ACC) has issued its first-ever guidelines on the basic data security measures that in-house counsel should expect from their law firms. Law firms are warehouses of client information making them prime targets for attackers. The legal ethics rules require attorneys to take competent and reasonable measures to safeguard information relating to a client (ABA Model Rules 1.6)….