Filter By:

Type

Topic

Recent Blogs & Podcasts

Insights Portal

\ Threats & Vulnerabilities 



April 20, 2018 | Insider Threats

 SunTrust Banks Discloses Insider Theft of Customers’ Personal Data

On April 20, 2018, SunTrust Banks Inc., announced that it is investigating a former employee who is alleged to have printed out the personal data of 1.5 million customers and potentially tried to share it with a “criminal third party." SunTrust, the 12th largest U.S. commercial bank by assets, stated that the potentially compromised information includes the names, addresses, account balances and phone numbers of customers. Affected customers have been notified and the alleged theft did not appear to include user IDs, passwords or Social Security numbers.

Read More »


April 18, 2018 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Are You Up to the Challenge?

Honeypots have a bad rap in infosec circles, and that's unfortunate. Implemented correctly, honeypots are virtually free tools that can help security easily and quickly pinpoint attackers as they perform reconnaissance or try to move laterally through a network. In this report, we explain what honeypots are, offer some simple ways to build them, and detail their pitfalls and success factors. 

Read More »


April 17, 2018 | Penetration Testing and Red Teaming
By Jake Williams, IANS Faculty

 Avoid Common Issues with Live Red Team Exercises

Red team exercises provide valuable insight into an organization's defenses, but running them against live environments can be dicey. In this Ask-an-Expert live interaction, IANS Faculty Jake Williams details how to get a red team program up and running, and offers tips for conducting live exercises without adversely affecting the business.

Read More »


April 16, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Create an Efficient, Effective Bug Bounty Program

Organizations with significant software exposure often consider deploying bug bounty programs to improve quality and better manage vulnerability disclosures, but what's the best way to go about it? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum recommends using an internal (vs. outsourced) process and details the critical components for success.

Read More »


April 13, 2018 | Penetration Testing and Red Teaming
By Kevin Johnson, IANS Faculty

 I Am Not a Robot: Manual Pen-Testing Tips and Tricks

When it comes to web app penetration testing, automation can only get you so far. In this webinar, IANS Faculty Kevin Johnson explores how using manual testing techniques can augment the automation many DevOps shops use for security testing. In addition to providing examples of manual attacks used against modern sites, he offers tips for implementing this type of testing to ensure optimal web app security.

Read More »


April 11, 2018 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Threat Intelligence Checklist

The ability to obtain and effectively leverage quality threat intelligence is no longer optional for today’s information security teams. This checklist steps  through the process of choosing the right feeds, integrating the data and ensuring you successfully leverage threat intel to proactively detect/prevent attacks.

Read More »


April 11, 2018 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Make Sense of Your Threat Intel

With all the threat feeds and intelligence sources out there, how can you choose – and use – the right ones for your specific infosec program and use cases? In this report, IANS Faculty Bill Dean offers practical tips for choosing the right feeds, integrating the data and ensuring you successfully leverage threat intel to proactively detect/prevent attacks.

Read More »


April 10, 2018 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q1 2018

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Read More »


April 2, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Build a More Formal, Automated CTI Program

Moving from an ad hoc, manual cyber threat intelligence (CTI) program to one that is more formal and automated is not complicated, as long as you follow the right steps. In this Ask-an-Expert written response, IANS Faculty Jake Williams explains the five-step CTI lifecycle and details key pitfalls to avoid.

Read More »