May Your Safeguards Be Strong and Your Controls Be Reasonable – Happy St. Patrick’s Day!
Happy St. Patrick’s Day.
Celebrate safe security controls with these cybersecurity awareness posters. Tabhair aire (Take Care).
Daylight Saving Time (DST)
Time to Spring Ahead!
Daylight Saving Time (DST) is just around the corner! Yes, we may lose an hour of sleep, but in return, we gain more daylight in our evenings—signaling the arrival of warmer days and longer sunsets. But beyond adjusting our clocks, this shift in time also serves as a great opportunity to check in on our digital security.
What is Daylight Saving Time?
Daylight Saving (more…)
A Threat Based Approach to Penetration Test Reporting
Managing AI Risks in Organizational Adoption and Usage
The Heist
It started with an email. A routine request from the CFO to the finance department, instructing them to expedite payment to a new vendor. The message bore all the usual signs of legitimacy—familiar language, corporate jargon, and even the CFO’s signature, perfectly replicated. The email security system flagged nothing unusual.
The finance team complied, unaware that the CFO (more…)
What are DeepFakes?
Before getting too invested in your online connection, ensure it’s not a DeepFake. Advances in technology have taken catfishing to new heights. Bad actors can manipulate their visuals and voice, online or by phone, to impersonate someone else. They use these false identities to find their way to your heart and data.
DEEPFAKES
The mere mention of this should throw you (more…)
Compromised Credential Leads to Major Educational Data Leak Powerschool
Description
K-12 schools manage vast amounts of sensitive personal information about students and educators. Many school districts utilize a cloud service provider to host this data and provide insights and analytics. PowerSchool stands as the leading provider of cloud-based education software for K-12 education in the United States, serving over 55 million students and 17,000 educational institutions across more than 90 countries. On December 28, 2024, PowerSchool (more…)
What Legislation Protects Against Deepfakes and Synthetic Media?
A Deep Look at Legislation
Deepfake legislation in the U.S. is advancing swiftly to combat the rising risks associated with synthetic media, addressing critical areas such as cybersecurity, privacy, election integrity, and intellectual property. Federal and state lawmakers are enacting and refining laws to curb the misuse of deepfake technology, focusing on issues like fraud, defamation, election manipulation, and (more…)
Why Every Organization Needs an Effective Incident Response Plan (IRP)
The Strategic Edge: Why Every Organization Needs an Effective Incident Response Plan (IRP)
There is no doubt that the threat landscape has greatly expanded in recent years. According to the Identity Theft Resource Center 2023 Data Breach Report, 2023 saw a 72% increase in data breaches since 2021. Seventy-five percent of security professionals report seeing an uptick in attacks over the past year, with (more…)
Understanding Access Control: Authentication vs. Authorization
This post will explore two essential components of Access Control for web applications and APIs: Authentication and Authorization. HALOCK Security Labs’ Pen Testing Team has discovered a significant number of Authentication- and Authorization-related findings during web application and API penetration testing. While both these concepts are foundational in computing, they are often misunderstood or confused. Although the concepts themselves may seem straightforward, (more…)
Exploiting API Endpoints
Relying on frontend controls for access management can lead to attackers gaining excessive privileges.
HALOCK Security Labs Web Application Penetration Testing can fully identify and evaluate web application vulnerabilities. There are a variety of ways to exploit a web application to retrieve sensitive data. In a recent client engagement, HALOCK Security Team identified a critical vulnerability by exploiting (more…)