Enforced since 25 May 2018, the GDPR raises many data privacy questions for organizations within the scope of the regulation. Reaching compliance is necessary for your organization to provide strong guarantees about the way it processes the personal data of your clients and your employees.
Wi-Fi intrusion tests always begin with limited knowledge of the target and without credentials, in order to simulate an opportunistic attacker. They simulate real attacks on the wireless network. The classical approach using key research and spoofing is currently limited by the technology itself, so testers are often asked, in a second phase, to use a corporate workstation with wireless access in order to improve the quality of the attack scenario through better knowledge of the target infrastructure.
This newsletter will give you an overview of different threats based on Microsoft Office documents able to execute malicious code without using macros. While some of the presented attacks rely on vulnerabilities already patched by Microsoft, others take advantage of legitimate features, and as such can only be mitigated, not completely disabled.
Paradoxically, communication is one of the most important aspects of crisis management… and one of the most neglected. If we draw a parallel with the etymology, how can one make a decision without an exchange of information? How can one dispute and judge without communication?
More and more companies are equipped with perimeter protections that provide the main line of defense against attackers.
These defense mechanisms include the deployment of hardware (firewalls, web application firewalls, IPS probes…), the implementation of good architecture practices such as network segregation (dedicated VLANs, use of DMZs, air gaps…), and intelligent monitoring through a SIEM and a SOC.
In this newsletter, we will see how Windows manages passwords and how an attacker can use password hashes without knowing the corresponding passwords.