Execute Shellcode, Bypassing Anti-Virus | InteliSecure

Hello, I am going to demonstrate a little trick to allow you to bypass anti-virus and execute shellcode, this is a publicly known trick that I did not discover. The shellcode I am going to use for this example is the common Metasploit Windows Bind TCP shell, however any shellcode can be used, I have simply chosen this one for simplicity. As I’m sure you’re all aware, the standard Metasploit…

Data Loss Prevention Is Becoming Increasingly Complex

As businesses and organisations incorporate an ever growing number of solutions, platforms and applications into their IT operations, it goes without saying that the scope for data loss, and it’s prevention, rises in tandem.   It’s a drum we have been banging for some time now but two stories in the news this week further highlighted that there is more than one vector for data loss in modern business – and…

Don’t Be Left in the Dark with Data Security | InteliSecure

With the action easing up in Brazil this week you may have seen reports circulating about a malware attack on more than 1,000 energy companies across Europe and North America. The attack was carried out by a group of attackers known by the name of Dragonfly. Dragonfly have been in operation since 2011 and previously targeted defence and aviation companies in the USA and Canada. Research carried out by Symantec…

The first rule of DLP: know where your sensitive data is

A Ponemon Institute study released this week reported that only 16% of IT security professionals know where sensitive data is located on their organization’s computer systems – leaving the overwhelming majority left guessing where their data loss prevention efforts should be directed. The study surveyed 1,587 IT security professionals whose jobs include helping protect sensitive or confidential structured and unstructured data – with only 7% of respondents knowing the location…

600,000 Customers Data Sliced from Domino’s Pizza

You may have seen this week’s news that 600,000 customer records were stolen from pizza chain Domino’s, yet again raising questions about just how seriously large corporations and big brands are taking data protection. It is the second time in less than a month that we have seen customers’ personal details compromised after the records of 145 million people were affected by a breach of eBay’s networks. For a period…

Pentura Named as a Certified Provider for UK Cyber Essentials Scheme

We are proud to announce this week that Pentura has been named as an accredited security provider under the recently launched Cyber Essentials Scheme.  Launched last week by the UK Government, and managed and reviewed by regulator CREST, the scheme is part of UK Government’s National Cyber Security Strategy and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from…

Making Staff Awareness of Security Threats an Ongoing Process

You may have seen this week that Dropbox links have become the latest vector for phishing and malware attacks to try and harvest user details and valuable business data. Given Dropbox is the leading file storage and sharing application for business this is hardly shocking.  What may be more surprising though is that these latest attacks can be more easily identified, and prevented, if staff are made aware of the…

eBay & Apple Security Breach | IT Security Vulnerabilities

eBay & Apple Security Breach The former Prime Minister, Harold Wilson, once observed that a week is a long time in politics.  The same is also true in IT security.  A week ago, eBay was a trusted brand with a good security reputation:  after all, it had survived the Heartbleed vulnerability scare that affected so many other globally-popular websites.  Now this reputation has been shattered after it revealed that it…

Pentura’s new e-learning portal enables easy DLP

We’ve launched our new e-learning portal, to help businesses educate their staff on the importance of best practice in data security, and the key role employees have in avoiding data breaches.  The portal, LearnwithPentura, features eight e-learning modules covering data security and computing best practice in compliance with ISO27001, the information security standard, and ISO27002, the Code of Practice which sets out that security issues should be addressed at employee…

When does data mining cross the privacy line?

How do you draw the line between helpful aggregation of public data, and intrusive data mining?  It seems that line was crossed in April, when LinkedIn stated it had sent a cease-and-desist order to the developers behind a third-party add-in widget for the professional networking site. The widget, called ‘Sell Hack’, claimed to provide users with email addresses of people on LinkedIn, which are normally available only to people that…