Going remote is the new reality as we continue to grapple with a devastating global pandemic. The transition to remote learning in our nation’s schools, in particular, has created a new level of upheaval and burden that’s impacted most every home and community. Luckily, most of Stealthbits’ existing corporate customers switched to digital work rather seamlessly after testing and reinforcing the security of their networks and IT infrastructure. Educational institutions, on the other hand, were…
Kerberos Explained
Kerberos is an authentication protocol that enables systems and users to prove their identity through a trusted third party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing environmen…
Europe’s top court, the Court of Justice of the European Union, recently struck down the EU-US data privacy arrangement known as Privacy Shield, which many organizations rely on when transferring data from the EU to the United States.
Privacy Shield was enacted in 2016 to replace the Safe Harbor Privacy Principles, which were declared invalid by the same court in 2015. In addition to replacing Safe Harbor, it aimed to protect the fundamental rights of anyone in the EU whose personal da…
Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”
Part 1 – Ransomware
The origins of modern ransomware trace back all the way to the AIDS trojan of 1989. Its use of simple symmetric cryptography and gentle extortion of $189 seems almost infantile compared to the techniques used and extortions of today. In the midst of a global pandemic, ransomware has been on the rise – economically motivated actors would never m…
The following blog post was created using an excerpt from the Stealthbits Technologies/emt Distribution presentation “Prioritizing Password Security with Troy Hunt: The Good, the Bad, and the Ineffective”. Please see here to view the complete presentation.
Let’s talk about passwords. In particular, let’s talk about where we’ve come from, where we are at the moment, and where things are going in the future.
The history lesson of passwords is enormously important because it help…
What is it?
SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli cybersecurity firm Check Point.
When a DNS server receives a query for a domain it isn’t responsible (authoritative) for, it asks a DNS server further up the hierarchy which DNS server is, and then queries that DNS server for the record. The vulnerability exists in how the Windows DNS server parses t…
With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds its way to the dark web for purchase and use. This should NOT be a surprise. 80% of breaches involved stolen or misused credentials¹. And this makes sense … why use advanced attack techniques when stealing credentials and assuming user identities is easier, less detectable, and still works?
Stealthbits leverages the “Have I Been Pwned” breach password dictionary within Stea…
ALERT: If you are NOT a StealthINTERCEPT Enterprise Password Enforcer or StealthAUDIT customer, view this blog for greater relevance and a more appropriate read.
With 34% of people saying they share passwords with coworkers¹ and 62% reusing the same password for work and personal accounts², the importance of checking passwords is paramount.
Last Friday (June 19, 2020) we saw our first update to the “Have I Been Pwned” (HIBP) database in almost 12 months. The dat…
Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years. Seemingly, the sensitive data definition is simple: sensitive data is any information that needs to be protected. What that really means though is often dependent on the nature of the business conducted by an organization and even more so, the responsible governing body.
What is Considered Sensitive Data?
T…
In the File Systems Data Collector for StealthAUDIT, we collect various types of information about files and folders, including permissions, file size, activity data, sensitive data, etc. One of the most important aspects of a file system resource (file, folder, or share) is “does that resource still exist?” While this might on the surface seem like one of the easiest things to collect, there was a range of mitigating factors that limited the accuracy with which we could report on this info…
The privileged access management (PAM) market is heating up! According to the 2020 KuppingerCole Leadership Compass for PAM, there are roughly 40 vendors in the space with combined annual revenue of $2.2 billion, which is predicted to grow to $5.4 billion a year by 2025. This represents a compound annual growth rate (CAGR) of 20%.
The takeaway: More and more organizations are looking to invest in the next generation of PAM solutions, which offer advantages over more traditional and now…