Latest News & Articles
Secure Our World: 20 Years of CISA’s Cybersecurity Awareness Month
Every October, the United States government, in collaboration with public and private sectors, observes Cybersecurity Awareness Month. This annual event,
Honoring the Heroes of 9/11
Twenty-two years have passed, but the scars of that tragic day remain etched in our collective memory. Today, we pay
The Importance of Strong Passwords: Best Practices for Online Security
Whether it’s safeguarding personal email accounts, sensitive financial information, or even critical business data, the significance of a robust password
Security Resources
CISA's Known Exploited Vulnerabilities Catalog
Minimize Cybersecurity Risk with the Known Exploited Vulnerabilities (KEV) Catalog
In November 2021 the Cybersecurity and Infrastructure Security Agency (CISA) started the Known Exploited Vulnerabilities (KEV) Catalog and Binding Operational Directive 22-01. The KEV catalog lists only vulnerabilities known to be actively exploited.
KEV Catalog: “SMBGhost” Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
“SMBGhost” is a critical vulnerability that affected SMBv3 in Windows 10 Versions 1903 and 1909. The vulnerability is an integer
KEV Catalog: “HiveNightmare” aka ”SeriousSAM” Vulnerability CVE-2021-36934
CVE-201-36934 is called Microsoft Windows SAM Local Privilege Escalation Vulnerability and is also known by the nicknames “HiveNightmare” or “SeriousSAM”.
Active Directory Series
Active Directory Series: Introducing AD CS
This post introduces Active Directory Certificate Services (AD CS) and topics like: public key infrastructure (PKI), the Kerberos pre-authentication protocol PKINIT, Certificate Signing Requests (CSR), and templates. This overview provides a baseline for learning AD CS penetration testing.
KEV Catalog: “sAMAccountName” “noPac” Privilege Escalation (CVE-2021-42278 and CVE-2021-42287)
“sAMAcountName” and “noPac” are two critical Active Directory vulnerabilities that can lead to full Domain compromise. Learn how a dollar
Active Directory Series: DC Sync
DC Sync attacks are a serious threat to Active Directory environments. DC Sync attacks occurred in the SolarWinds compromise in
Reports: Rapid Rise In Open Source Supply Chain Attacks
Last month, Mend released their Open Source Risk Report which outlines the risks associated with open source vulnerabilities and software supply chain attacks.
Converge Cybersecurity and Physical Security to Protect the U.S. Electrical Grid
On February 6th law enforcement officials charged a neo-Nazi leader and his associate with plotting to attack Baltimore’s power grid.
6 Cloud Security Issues and AWS solutions in 2023
In 2023, many companies seeking to reduce IT costs are also turning to the cloud. Cloud adoption provides numerous benefits
Cybersecurity Teams: An Introduction to Blue Team
Blue Team provides a variety of defensives services: network vulnerability evaluations, mitigation recommendations, real time threat detection, and overall readiness
Secured™ Awarded Over $4,000,000 for Humanitarian Support
Secured™ has been awarded over $4,000,000 in Unmanned Aerial Systems (UAS) customization and development in 2023 to assist in global
Defending Against Cyber Threats in the Oil and Gas Sector
The last decade has seen a global rise in cybersecurity attacks on the oil and gas sector.