Stars-image

Blog

Welcome to Silent Sector's blog, news, and resource area.

Haidon Storro

Haidon Storro
Cybersecurity Research & Content Manager, Silent Sector -- Haidon Storro is a Cyber Security Analyst for CVS Health. She has her BS in IT Cyber Security as well as security certifications like CompTIA Security+ and ISC2. While Haidon is newer to the security community, she has dedicated herself to learning as much as she can through internships, online courses, and conventions like DefCon. In her free time, she enjoys reading about new advancements in technology, going to security meetups and participating in cyber defense competitions. One of Haidon’s goals is to make the connected world safer by bridging the human aspect with technology.

Recent Posts

0 Comments

Report Reveals 53% of Attacks Are Going Unnoticed

Whether or not companies want to admit it, every company is in the cybersecurity industry. This even applies to organizations like manufacturing who are not historically associated with technology. Unfortunately, in the age of digital transformation, many companies believe that simply allocating a couple of bucks to purchase “state of the art” security tools is enough to fend off threat actors. In an analysis conducted by the well respected FireEye Mandiant Security Validation team, it was uncovered that 53% of successful intrusions remain undetected despite having several security products. The research indicates that the majority of organizations need an overhaul of their cybersecurity strategy. In a previous article, we examined how the saturated vendor market has encouraged organizations to hastily purchase tools without really considering their organization’s specific need and thus, giving them a false sense of security. However, this blog seeks to expose why high ticketed solutions are unable to effectively detect and prevent the growing number of cyber-attacks.

Read More
0 Comments

A Cybersecurity Wake up Call in Response to the Pandemic

In a global survey commissioned by Barracuda, a prominent security company, 46% of global businesses have encountered at least one cyber scare since adopting a remote workforce as a result of the stay at home orders from COVID-19. While the security scares vary in severity, they all present a diverse range of new risks, threats, and challenges for organizations. These elements are only expected to increase as cybercriminals seize the situation to make a profit or nation-states try to gather intel.

Read More
0 Comments

Web Shell Malware, a growing concern for the US and Australia Wake Up Call on a common kind of Attack

This past week the US National Surveillance Agency (NSA) joined up with Australian Signals Directorate (ASD) to issue an information packet on how to detect and mitigate web shell malware. Web shell malware is a type of malicious code that executes arbitrary instructions on a targeted web server. It is becoming such a large growing cybersecurity problem that government agencies like the NSA and ASD released a 17-page guidance on how to approach it.

Read More
0 Comments

Printers: The Cyber Threat Hidden in Plain Sight

A much-echoed rule in cybersecurity is that anything connected to the internet has the potential to be hacked. Despite office printers not looking like standard computers, they are no exception to this rule and still vulnerable to hacking. Last year a Russian hacker group infiltrated several organizations through unsecured printers. This resulted in silent spying and exfiltrating of company print jobs.

Read More
0 Comments

Now more than ever, Ransomware is detrimental to small and medium sized businesses

According to the second quarterly AppRiver Cyberthreat Index for Business Survey, more than 55 percent of executives at small-to-medium-sized businesses (SMBs) admitted they would pay ransomware attackers in order to recover their stolen data. For larger SMB’s, employing 150-250 employees, this number surges to 74 percent. In recent years, launching ransomware attacks has become a lucrative vocation for cybercriminals. While the number of attacks on the public sector has decreased in response to the COVID-19 crisis, the private sector has remained largely unaffected.

Read More
0 Comments

The Double-Edge Sword of Social Media

Last week the FBI’s charlotte office warned social media users to pay close attention to the information they share online and “carefully consider the possible negative impact of sharing too much personal information online.” This alert comes at a time when many people are confined to their homes and consequently taken up social media to pass time during the period of social isolation.

Read More
0 Comments

NIST 8170 Provides an Excellent Approach to Cyber Security Frameworks

In a market where security and IT vendors are heavily saturated it is increasingly becoming difficult to determine which vendors truly have sound security solutions. Moreover, from the vendor perspective, how can they distinguish themselves from their competition? One approach both parties can take is following the risk based approach to cybersecurity recommended by the National Institute of Standards and Technology Cybersecurity Framework (NIST) 8170.

Read More
0 Comments

Android Security Risks for Small to Medium Sized Businesses

In yet another crackdown on the Google Play Store, Google has removed hundreds of phony and terms of service breaking applications (apps). The Play Store is the official app store for the Android Operating System (OS). In a survey conducted by software company Lefttronic, it is estimated that Android is the most dominant OS with 76% of the market share. Moreover, Lefttronic’s forecast suggests this number will only jump to 87% by 2022. This means every business currently has or will have at least one Android user and with many small and medium sized businesses (SMBs) permitting Bring Your Own Devices (BYOD), employees utilizing Android OS pose a major security risk.

Read More
0 Comments

A new version of an old DDoS weapon and how Russia could take down the Internet

The internet has become increasingly critical for survival during the COVID-19 pandemic and is a necessity with millions of people working remotely. A recent discovery by Digital Revolution, a Russian hacker group, reveals that Russia’s national intelligence service (FSB or Russia’s Federated Security Service) has been working on an Internet of Things (IoT) botnet project that could shut down the internet.

Read More
0 Comments

What is a Pen Test and why do you need it?

A Penetration Test (Pen Test) is a simulated cyber-attack against an organization to identify exploitable weaknesses. The purpose of the simulated attack is to uncover any weak spots on a network, application or endpoint that a threat actor could take advantage of and address them accordingly before an attacker can exploit them. Pen testing is becoming more critical as all companies have a network presence and thus, are susceptible to attackers. Moreover, a successful cyber-attack has major consequences that can be detrimental to the livelihood of an organization.  

Read More