The cyber security industry appears to be struggling to keep pace with a seemingly never-ending stream of new vulnerabilities exposing organisations to ransomware attacks, corporate espionage and worse. Trade shows such as InfoSecurity Europe 2017 host hundreds of new “off-the-shelf solutions” that claim to provide cybersecurity at a stroke. The million dollar bet here is whether a custom made solution based on the company’s precise needs with full interoperability would be possible.
A new ransomware that has been spread since 12th of March worldwide affecting hundreds of thousands of Windows computers and for which you should be considering the application of an emergency security patch update that Microsoft has released few hours ago.
A possible attack path during a penetration test is having access to the administrative console of a JAVA Application Server (like WAS, JBOSS and Tomcat) installed on a Windows server with default or guessable (e.g. through brute-force) administrative credentials.
The cyber security industry appears to be struggling to keep pace with a seemingly never-ending stream of new vulnerabilities exposing organisations to ransomware attacks, corporate espionage and worse. Trade shows such as InfoSecurity Europe 2017 host hundreds of new “off-the-shelf solutions” that claim to provide cybersecurity at a stroke. The million dollar bet here is whether a custom made solution based on the company’s precise needs with full interoperability would be possible.
Today’s vendor driven approach to cybersecurity which continues to add more and more layers, is not sustainable. With a mathematical certainty every security model will inevitably fail at least once, regardless of the defense and technology sophistication involved.
George Patsis @CRESTCON & IISP Congress gave an interview regarding the current state of information security, today's threatscape and a discussion on the cyber industry.