Blog

by Excellium SA Excellium SA 4 Comments

Excellium services newsletter : Humans are the weakest link in the information security chain

We’re all human: we make mistakes. Unfortunately, there will always be people trying to take advantage of our mistakes for their own benefit, which can cost our business tremendous financial loss. No matter how sophisticated our cyberdefenses are, how advanced our technologies are, how good our security practices are, we will always be constrained by this human factor.

Read more

by adidionxlm adidionxlm No Comments

Excellium services newsletter : Improper Machine Hardening Leading to Privilege Escalation

From an external or an internal perimeter, an attacker will look for weaknesses on the workstation or the server she just gained access. After web server breach in a DMZ or a workstation in the user LAN, her goal is to get access to other machines, to sensitive information that needs more authorization and accesses, taking advantage of machines weaknesses.

Most of the time, the local privilege escalation is a technique that pays off.

Read more

by adidionxlm adidionxlm No Comments

Excellium services newsletter : Threat Intelligence Demystified

Threat Intelligence (TI) is one of these new trendy words in the cybersecurity world. Many vendors offer their own solution of threat intelligence. In the present era of information, the challenge is finding the right solution on time. Sometimes it is like finding a needle in a haystack, but, luckily not always. And this is what TI is about, about going through huge amount of data to find relevant information and use it.

This newsletter will dive deep into the underlying issues of TI, and describes typical pitfalls usually encountered when learning to use it.

Read more

by adidionxlm adidionxlm No Comments

Excellium services newsletter : NIS Directive Review

The NIS (Network and Information System Security) Directive was adopted by the European institutions on 6 July 2016. Its objective is to guarantee a high and common level of security for networks and information systems within the European Union. In the context of this NIS Directive, several elements are highlighted. In addition to the emphasis on cooperation between national authorities and between Member States, the Directive also promotes the implementation of a national security strategy in each Member State of the European Union. The Directive also encourages the establishment of a European CSIRT network, again with the aim of improving cooperation between States. Security and notification requirements, in particular for essential service operators and digital service providers, are reinforced.

The main objective of the Directive is to ensure effective cooperation and protection of Member States’ critical economic and societal activities, in particular in order to protect themselves against the risk of cyber-attacks.

Read more

Top