Uncategorized


09

Jan 2018

The new way using a wireless mouse or keyboard leaves you vulnerable

By Ben Goodman You are sitting in your favorite coffee shop with your laptop. You’ve never been a fan of the laptop’s touch pad so you plug in the USB dongle for your favorite wireless mouse and begin browsing the internet, checking emails, etc. You stop using your laptop briefly to check your written notes. You notice a sudden flash of a window popping up,...

Read More


05

Jan 2018

What you should know about Spectre and Meltdown

By Corey McReynolds Two large exploits, “Spectre” and “Meltdown”, have been released that allow reading privileged memory with side-channel attacks on Intel and ARM processors. This issue is known to affect nearly all processors in personal computers, Macs, servers and mobile devices (both Android and iOS). AMD processors are affected (only to “Spectre”), but to a much lesser degree. The result of a successful attack can...

Read More


24

Oct 2017

Slack and Microsoft Teams Notifications for Empire and Meterpreter Agents

By Russel Van Tuyl A short time ago, I wrote a Python script that would send notification messages to Slack when a computer was compromised and an Empire or Meterpreter agents was dropped. I spent a little time updating the script and added support for Microsoft Teams notifications. This blog explains how I set up Slack and Microsoft Teams notifications for Empire and Meterpreter agents. In...

Read More


24

Oct 2017

Ransom(ware) Notes: Insight into a Growing Cybersecurity Threat

Since the worldwide WannaCry attack in May, the cybersecurity threat of ransomware has only continued to grow. In August, a new strain of the Locky ransomware surfaced, spreading to unsuspecting users through at least 23 million infected emails in a massive malware campaign. Unfortunately, this trend will most likely continue. We turned to senior analyst Lee Tibbals of Sword & Shield’s Security Operations Center to...

Read More


05

Oct 2017

Active Directory Password Health Analysis – Part 1

By Russel Van Tuyl Active Directory (AD) is an essential part of a Microsoft domain. A prominent function AD performs is to keep a record of all domain user accounts and their associated password stored as an encrypted one-way hash value. One of the many objectives during a penetration test is to gain access to the AD ntds.dit database file, which contains the user account...

Read More


28

Sep 2017

Facing your first HIPAA Risk Assessment? Here’s what you should know.

By Chris Lyons HIPAA compliance can be a daunting endeavor, especially if your organization has never faced this challenge. A HIPAA risk assessment can help you achieve compliance. If you are considering your first HIPAA risk assessment, there are a few things you should know. Here are four points to get you on your way: Understand your security environment Prepare for the assessor’s visit by gathering...

Read More


21

Sep 2017

Sword & Shield Enterprise Security Aims to Improve Mobile App Security

National cybersecurity firm launches mobile app security assessment service to ensure businesses and entrepreneurs offer and use secure mobile applications KNOXVILLE, Tenn. Sept. 21, 2017 – Sword & Shield Enterprise Security, a leading national cybersecurity firm based in Knoxville, Tennessee, now offers detailed mobile application security assessments for Android, iOS, and Windows phone or tablet-based apps to determine their vulnerabilities and how sensitive information can...

Read More


11

Sep 2017

Sword & Shield Enterprise Security Releases White Paper on Future of Passwords

National cybersecurity firm discusses the future of password management, including the push for more user-friendly policies KNOXVILLE, Tenn. Sept. 12, 2017 – Sword & Shield Enterprise Security, a leading national cybersecurity firm based in Knoxville, Tennessee, has released a white paper, “The Future of Passwords: Perspectives for Enterprises.” Available now at https://landing.swordshield.com/new-password-guidelines-white-paper, the white paper highlights the latest National Institute of Standards and Technology (NIST)...

Read More


06

Sep 2017

Social Engineering Q&A: How to Strengthen Your Network Security

As organizations respond to InfoSec threats by hardening their network security, hackers are exploiting softer targets, such as employees and management, to gain access. According to IBM research, in 2016 about 71 percent of reported cyberattacks in the healthcare industry and 57 percent of cyberattacks in the financial services industry depended on the actions of employees who had unintentionally compromised the network security of their...

Read More



Page 1 of 3123