How did it start? Let me set the stage first. Arun and I (Gayathri) are part of the global compliance partners team that supports InfoSec (information security) initiatives at Perficient India. One fine morning in early July: Gayathri: So, Arun, we have completed providing our data evidences for the global ISO 27001 audit, what next? Arun: […]
Posts Tagged ‘information security’
We Can All Learn From Crypto.com’s Hack and Response
We shouldn’t be that surprised. A couple of weeks ago, Crypto.com, one of the fastest-growing cryptocurrency platforms, was hacked on January 17, 2022. One area mentioned by the company as an issue was a gap in its multi-factor authentication (MFA) system. A statement issued by Crypto.com on January 20th said, “transactions were being approved without […]
Track the Triad to Tria(d)ge
As usual for my blog – the following anecdote unfolds the subject of my blog… Have you met oxymoron characters? I have, and I am going to describe an incident in one such character’s life: I know a balding old gentleman who is stung by an oxymoron combination of OCD (Obsessive Compulsive Disorder) and absent […]
Corporate Russian Roulette
The Corporate Game of Russian roulette! His last chance to spare himself and his billionaire empire is in hands of a Russian roulette game. A weapon loaded with 5 bullets and one empty chamber lies on his table in front of him. His psyche mind winds up algorithmic yet he stood steady on the white […]
Phishing Attacks – How Your Old Passwords Can Come Back To Bite You
As a security professional, I spend a considerable amount of time building awareness around good password hygiene, and I am starting to see forward progress in efforts like moving users away from short passwords to longer passphrases. But even as we are moving towards better password selection, most people don’t know that their old passwords […]
Kali Project Encryption and Isolation Using Vagrant and BitLocker
Imagine that you work on different engagements or projects in which Kali Linux is one of your primary tools. Furthermore, maybe you also have the need to keep the data for each of those projects isolated from the others – in other words, you need to avoid cross-contamination between your projects. In this article I […]
How To Use The AWS API With S3 Buckets In Your Pen Test
Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure. In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests. I’ll also show you how to […]
Here’s Why You Should be Using a Password Manager
I do not mean a notebook with handwritten passwords or even a spreadsheet. I mean software designed specifically to generate and safely store your passwords. We have all heard about sticky notes under the keyboard, or even worse on the monitor. The current browsers can store your passwords for you and, assuming you have an […]
How Microsoft Word “Protected View” Stops Information Leaks
Microsoft Word has long offered support for loading images and templates over the network. This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates. Unfortunately, these features can be abused by bad actors to obtain operational intelligence on individuals, or even to steal credentials. […]
Introduction to Data Masking Transformation in Informatica
Introduction: On a daily basis, data growth is expanding at a pace greater than the expansion of the universe itself. It makes our lives better, but it also has the capability of reflecting the vulnerabilities of a person or an organization. Data is like the Infinity Gauntlet. If you know how to use it, like Thanos […]
How To Connect Your Android Phone To Your AWS-Based VPN Server
In my previous post, How to Set Up Your Own VPN Server Using Amazon Web Services, we set up and configured an OpenVPN server using Amazon Web Services, and then we configured Windows and Linux machines to use the new VPN server. In this post, I’ll show you how to set up your Android phone to […]
Security Starts at Home and So Does Information Security
As a Perficienite, I have been involved in ISO27001, SSAE-16 and HIPAA assessments and have learned the need for information security. I would like to give back my knowledge and awareness to all in a more palatable form without the jargon. This blog is the result. This blog is intended to develop awareness on general […]