Phishing attacks can happen to anyone whether you’re a CEO, financial analyst, nurse, janitor, IT specialist, or receptionist. In the 2020 Internet Crime Report, the FBI revealed phishing was the top reported cybercrime, consisting of 241,342 reported incidents. This number has more than doubled since 2019. Phishing attacks often consist of an email that is […]
Weak passwords are often the cause of data breaches. Love or hate them, everyone is using passwords today. Ensuring individuals are using strong passwords is important to securing an organization. Whether you’re performing a penetration test or a password audit, tools can help you add value and efficiency for your report. At Stern Security, we […]
Duo Security is one of the most popular 2-factor authentication applications on the market today. All of the authentication and administrative logs are stored in the admin portal located at https://admin.duosecurity.com. Up until recently, if you wanted to view the logs, you either had to log into the admin portal or use the Duo API […]
Without using any 3rd party tools, you can use simple Windows commands to display the saved passwords for remembered wireless networks. This is helpful if you forget a password or during security engagements. We were recently on a penetration test and gained access to a laptop. We needed to gain access to a particular wireless network and didn’t want to risk tripping […]
One would think that most data breaches were caused by hacking, as those are the breaches that are always mentioned in the news. However, up until the end of 2019, theft was still the top cause of breaches in healthcare according to data compiled from the U.S. Department of Health and Human Services (HHS) Office […]
Pyoneer was created to assist with the search for sensitive information while on customer engagements. The tool has been used in different scenarios, not just for penetration testing, but that is where the tool’s development began. Pyoneer’s base script was written overnight while sitting in a hotel room on an engagement. The idea came while […]
We have compiled a list of security measures to implement to either prevent ransomware or limit the damage. Organizations need not implement all of these in order to prevent ransomware. However, these are various strategies that can be implemented depending on the company. Security measures such as “application whitelisting” will prevent most malicious software on […]
Stern Security Labs analyzed a Locky ransomware sample. The following video shows an actual Locky ransomware attack on a Windows 7 machine. Watch how fast the ransomware encrypts the files on the computer. The computer is encrypted within one minute of clicking on the malicious “invoice.pdf” file! Ransomware attack demonstration from Stern Security on Vimeo.
In February 2016, PenTest Magazine’s issue was dedicated to “Cloud Pentesting”. This special edition featured an article by Stern Security’s Principal Consultant, Jon Sternstein. Here is an excerpt from the article: “A pair of eyes intently stares at the computer screen while ten fingers are furiously typing on the keyboard. The penetration tester smiles as he […]
We have recently received two samples of Locky maldoc (malicious document) ransomware from a healthcare institution. Ransomware is a devastating piece of malware that encrypts important files on an infected computer and demands ransom to decrypt the files. We will examine two samples. Both samples arrived via email and were not detected by spam filters […]