Introduction Are you being kept up at night wondering just how secure your company’s mobile health (mHealth) APIs really are? You aren’t alone. And after the research I’ve conducted on mHealth APIs, you very well should be. If you aren’t, you will be. The number of mHealth companies have more…

Introduction A rogue base station (also called a dirt box or rogue BTS) is the use of a software-defined radio (SDR) to create a fake cell tower and a software implementation of a GSM/GPRS radio access network. The software typically used to power rogue BTS’ is YateBTS, which supports GSM850…

How MITRE Shield has turned cyber deception technology into a business imperative to deny a contested network to adversaries. Introduction Just when you began to fully wrap your head around the MITRE ATT&CK framework, MITRE went and published a brand new framework for you to understand that it’s called MITRE Shield. …

Introduction This article is written for penetration testers wanting to learn how to hack Bluetooth low energy (BLE) smart devices using relay attacks. These attacks can be employed against smart locks to even BLE-powered ignition systems in connected cars. This article goes into technical depth on how to build and configure…

Abstract This white paper discusses the new generation of data security solutions that addresses the failure of traditional data loss prevention (DLP) solutions to secure sensitive data that in today’s cloud-first and software-as-a-service (SaaS) economy is no longer effective. Data is now mobile and able to move between on-prem networks, cloud…

The story behind the mass exodus of enterprises from SIEM to Elastic “It is not the strongest or the most intelligent who will survive, but those who can best manage change.” -Leon C. Megginson Introduction In my Ashes to Ashes article, I talked about how the event fatigue problem…

“Abashed the devil stood and felt how awful goodness is and saw Virtue in her shape how lovely: and pined his loss” -John Milton In a recent penetration test of a large bank, I was able to transfer money to any account and change any customer’s ATM debit card…

The idea here is that small changes — the burgeoning amount of unstructured data being generated in the enterprise, the interminable event fatigue problem created by false positives in security information and event management (SIEM) solutions, and the global talent shortage in cybersecurity that makes finding affordable security operations center…

Introduction As of today, no laws or regulations, even the latest version of PCI-DSS, HIPAA, and HITECH, do not make network segmentation or micro-segmentation compulsory to comply with the rule. By making network segmentation discretionary — even when transmitting, processing, or storing regulated data, the number of breaches will continue to…