Today, encryption plays an important role in cybersecurity. It allows businesses to secure customers’ information, allows us to navigate the internet without the fear of anyone else eavesdropping, and allows remote employees to connect to the work network securely. However, even though encryption is crucial for protecting one’s data, not many average home users utilize encryption. Average home users should be encrypting their desktops, laptops, and mobile devices because encryption is the most useful technology for protecting one’s privacy. However, many people don’t know where to start; they are daunted by the technology. This blog will help you encrypt your drive using an open-source program called VeraCrypt.
This blog is an excerpt from the Atlantic Council report Aviation Cybersecurity – Finding Lift, Minimizing Drag by Pete Cooper. Alpine’s Christian Espinosa, an expert on penetration testing and risk assessments of commercial aircraft, contributed to this report via an interview and panel discussion.
The most significant difference with the new exam format is that it is proctored. This means that you are being watched over your webcam for the entire period of the session. Proctoring a five-day exam is impractical, so the exam was split into three six-hour sessions. Each six-hour session consists of three individual “challenges”. Each challenge involves recovering the contents of a secret file, but some challenges will require hacking more than one machine. You enter the contents of the file into a web page and submit it when you are done with the session. You must complete at least one challenge per session, and you must complete at least five out of the nine sessions to pass the exam.
We get so focused on encryption, identity access management, secure data transmission, etc., that we forget we have a PHYSICAL security component to our craft.As a former police officer for 20 years, the holidays brought with it happy times/sad times. People would go shopping for gifts. They would load up their cars, and make one more store stop… and return to their car emptied of their newly purchased gifts. They were in such a hurry, they forgot to lock the doors on the car when they ran inside. Upon return, the car is empty. Now is the time that we all need to take pause, and take stock of our SITUATIONAL AWARENESS. That doesn’t just mean in the cyber-realm, but in our daily lives.
As cybersecurity professionals we know a “strong” password is, supposedly, one that is at least 8 characters long with a combination of upper case, lower case, numbers, and special characters. But, as Bob Dylan said, the times they are a-changing. There is new movement in the industry to move away from this traditional password guidance to something more secure, user-centric, and friendly.
The most common two-factor authentication method is a password and a time-based one-time password (TOTP), which can be sent to your phone via SMS. So even if your password is compromised, the cybercriminals will need the second factor, a code sent to your phone, to log into your account. However, using SMS for two-factor authentication is not considered safe anymore. Why is it not safe anymore? What should we use then?
Do you work in IT or cybersecurity and want to advance your career? Are you required to hold certain certifications for your job? It sounds like you need some certification training. Finding the right training for your certification can help you achieve your goals, save time and money, and even put you on the fast track to promotions and pay raises.
You cannot fix what you do not know. A penetration test strengthens your defenses by revealing your weaknesses and recommending prioritized fix actions.This article contains ten items you should consider when selecting an organization to perform a penetration test against your environment.
The OSCP certification is great for individuals with several years of experience in system administration, networking, or software development, who wish to learn “elite hacking skills.” The LPT (Master) is great for those who want to pursue penetration testing as a career and who are looking for a certification that demonstrates that they can complete a realistic penetration test simulation on their own.
Online password cracking has advantages and disadvantages. It is effective if executed properly. There are numerous defenses to prevent attackers from cracking your passwords.
Black Box Penetration Testing tests a target with little to no prior knowledge about the target environment. Despite the best efforts of vulnerability scanning tools, they often miss critical vulnerabilities and major issues. These missed vulnerabilities can be exploited by attackers to gain full control of your environment. A Black Box Penetration Test identifies additional vulnerabilities and security issues. If minimizing cybersecurity risk is a goal, both a vulnerability scan and a Black Box Penetration Test are recommended.
DoD 8570, the Cybersecurity Information Assurance Workforce Development Program, will soon be replaced by DoD 8140. DoD 8570 determines which cybersecurity certifications are required for Information Assurance positions in a United State’s government organization.
Steganography is used by hackers to hide overtly hide data. Hiding data overtly does not raise suspicion, because no one knows there is something hidden. A common example of steganography is hiding an image inside another image. Watermarking can also be considered steganography, if the watermark is not visible.
Armitage (Metasploit GUI) makes hacking easy. All you need is a vulnerable target and a working exploit in Metasploit. The “Hail Mary” tries all potential exploits against a target, requiring you to know next to nothing about the vulnerabilities or exploits.
Most of us are brainwashed about what constitutes a secure or “strong” password. We often think a password that consists of 8 characters with complexity requirements (uppercase, lowercase, number, special character) is more secure than a “passphase” with no complexity requirements. This is not true.
In this post, we’ll cover two simple ways to extract Exif (Exchangeable image file) data from images. In short, Exif is information about a digital picture, such as:
– Date and time the picture was taken
– Type of camera used
– Types of settings on the camera
– GPS Coordinates where picture was taken
Windows Task Manager serves a purpose, but we recommend you replace it with Process Explorer for many reasons. A few of the reasons for using Process Explorer: It is Free. It easily integrates with VirtusTotal. It shows process dependencies / process trees.
Questions about Alpine Security?
Contact us for more information.