• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

War Room

Shells from above

RSM logo

  • Home
  • About
  • Blog
  • Talks/Whitepapers
  • Tools
  • Recreation

Blog

TSA cybersecurity directives: What pipeline companies need to know

August 4, 2021 By Ken Smith

After the Colonial Pipeline ransomware attack shut down the entire pipeline system for over a week, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) issued a directive requiring all pipeline companies to take immediate actions to mitigate cyber risks. The first cybersecurity directive was issued on May 27 and the follow-up directive was ... READ MORE

The State of Ransomware

July 8, 2021 By AJ Hammond

Ransomware as a concept isn’t exactly bleeding edge. For years, cybercriminals have been using ransomware along with a variety of different attack vectors to compromise companies both big and small around the globe.   What is new, however, is the recent uptick in the quantity and frequency of ransomware-based attacks. According to Verizon's 2021 Data Breach Investigations ... READ MORE

Mapping Government Cybersecurity Initiatives to the NIST CSF

June 21, 2021 By Jonathan Slusar

On May 12, 2021, a press release was released by the Biden Administration regarding intentions to improve the nation’s cybersecurity and protections for federal government networks. The press release cites recent incidents (e.g. SolarWinds and the recent Colonial Pipeline ransomware incident) as reminders that cybersecurity threats are constantly evolving. More recently, there ... READ MORE

Mass Mailing Attack from NOBELIUM

June 1, 2021 By Ken Smith

On May 25, 2021, the campaign escalated as NOBELIUM, the same group behind the 2020 SolarWinds attacks, leveraged the legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals. Using the legitimate mass mailing service Constant Contact, NOBELIUM ... READ MORE

Combating Ransomware for Tomorrow – The Other Pandemic

May 13, 2021 By Todd Willoughby

Another year and another record topping year of even higher ransomware payments; something has to change if we want this to get any better. Some stats first: 51% of all businesses in 2020 were targets of ransomware Overall 40% surge in global ransomware hits in 2020 Average ransomware payments in Q3 of 2020 were over $233,000. A new 2021 report shows that average is up ... READ MORE

Colonial Pipeline Ransomware

May 12, 2021 By Ken Smith

Ransomware attacks are no longer simply a malware infection. Today’s ransomware threat actor groups are comprised of skilled hackers who are well-versed in infiltrating their victims’ networks. Once inside the target network, these attackers perform reconnaissance to identify critical accounts, systems and even sensitive data stored within the network. Since the mid-2010s, we ... READ MORE

Microsoft Exchange – CVE-2021-26855+

March 5, 2021 By Luke Emrich

On March 2, 2021, Microsoft released several security updates to address at least seven critical vulnerabilities in supported versions of on-premise Microsoft Exchange Server. These vulnerabilities were observed being used in limited targeted attacks; however, due to the critical nature and publication of these vulnerabilities, Microsoft released guidance that all customers ... READ MORE

Cisco Smart Install for Penetration Testing

February 25, 2021 By Kevin Randall

recon-bg

Cisco Systems Inc. developed a widely used protocol to perform zero touch deployment of new infrastructure. This can include devices such as switches and routers and many other devices running Cisco IOS. This technology is called Smart Install. Smart Install runs on TCP port 4786 and requires no authentication to connect to the remote service. This protocol is very useful for ... READ MORE

Building a Vulnerable Box: RemoteMouse

January 29, 2021 By Ken Smith

At the start of every year, I review my lab repository of intentionally vulnerable machines and do my best to add new ones to the list. I recently came across a particularly interesting flaw, from a teaching perspective, and thought it would be worth capturing. RemoteMouse is Windows/Linux/Mac compatible software that can be used in conjunction with a mobile app to turn your ... READ MORE

How to have effective Enterprise Identity & Access Management (EIAM)

January 18, 2021 By Erik Kuhrman

Your business operations can be complex and require multiple technologies such as applications, platforms, services and infrastructure. Effectively overseeing and controlling who has access to what across this landscape can be a daunting challenge. Unfortunately, there are numerous horror stories of failed IAM projects and many companies continue to struggle with effective IAM ... READ MORE

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Go to page 6
  • Interim pages omitted …
  • Go to page 25
  • Go to Next Page »

Primary Sidebar

Categories

  • Defense
  • Forensics
  • Offense
  • Physical
  • R&D

Most Viewed Posts

  • DLL Injection Part 1: SetWindowsHookEx 10.8k views
  • Sophos UTM Home Edition – 3 – The Setup 10.8k views
  • Leveraging MS16-032 with PowerShell Empire 10k views
  • Bypassing Gmail’s Malicious Macro Signatures 9.8k views
  • How to Bypass SEP with Admin Access 8.9k views

Footer

  • RSS
  • Twitter
  • Tools
  • About
  • RSM US LLP

+1 800 903 6264

1 S Wacker Dr Suite 800
Chicago, IL 60606

Copyright © 2023 RSM US LLP. All rights reserved. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit for more information regarding RSM US LLP and RSM International.