So you’ve been hacked… now what?
The other day I met with an executive whose company had recently been hacked. He looked me in the eye and said, “It’s like I paid someone to punch me in the face…Repeatedly!” Getting breached is a huge pain that costs a lot of money, productivity and time, and your reputation can suffer as well. The simple fact that there was nearly an 80% (more…)
Incident Response Readiness – Ready for a breach?
Incident Response Readiness – Is your organization ready for a breach? Have you ever undergone a breach? Is there a breach going on right now? Or, ahem… have you undergone a breach and were not even aware that it occurred? Yikes… (more…)
Advanced Malware – Assume the Worst
With advanced malware these days, you’ve got to assume you’re probably already infected. Typical testing methods, though good for spotting vulnerabilities, may not find the malware already lurking in your environment. (more…)
Network Security Engineering Services
One of the things that makes HALOCK a hybrid services firm is our unique practice groups. We bring to the table skill sets ranging from governance and strategy, PCI QSA knowledge, assessments and compliance, and security solutions to very seasoned network security engineering services. (more…)
Social Engineering
Is everyone familiar with social engineering testing? It’s a test of the natural tendency of a person to trust another person’s word, rather than exploiting actual computer security holes. (more…)
Why We Need Ethical Hacking
There is often confusion about the difference between “vulnerability scanning” and “penetration testing”, the latter being synonymous with “ethical hacking”. This article/podcast, from the president of the EC-Council, the accreditation body for the Certified Ethical Hacker designation, includes a nice explanation of this very important kind of security testing. (more…)
Scanning for Weak MS-SQL Passwords Using Nmap and Medusa
Before proceeding, please note that there are many tools and methods that can scan for weak or blank MS-SQL passwords. SQLPing comes to mind, which is a great tool if you’re on a Windows host. Metasploit has the ability to scan for MS-SQL passwords as well, but it isn’t ideal for targeted lists (more…)
Vulnerability Scan vs. Penetration Test
If you’re doing your quarterly vulnerability scans, you may be wondering whether that is the same as a penetration test or whether you really need to do both. (more…)
Fun with Social Engineering
I recently wrote about Security Awareness Training, and mentioned that a well-trained staff and general employee population can be a good deterrent against Social Engineering practitioners. Social Engineering is a service offering of Halock Security Labs, and it’s probably one of (more…)