1 min
Metasploit
Federal Friday - 11.7.14 - Up in the Clouds...
Happy Friday, Federal friends! I hope everyone had a festive Halloween!
According to the commercials I've been seeing starting on 11/1, I guess we're
skipping Thanksgiving this year and jumping right into the Holiday Season
[http://www.idigitaltimes.com/black-friday-sales-2014-store-hours-and-start-time-target-walmart-best-buy-kmart-393775]
...
So the time has finally come, Fed is starting to embrace the cloud (slowly).
Within the last week we've seen NIST push out a road map for Cloud
Infra
3 min
Mo Monday's at Rapid7 - Movember Week 1
Okay, okay... technically it's Tuesday. We had a few members of our Herd out of
the office yesterday which delayed the debut of the facial follicle fortitude
that is needed to join the Rapid7 Moosestaches for Movember. Movember, for those
of you who don't know, is a month long mustache growing campaign to raise
awareness for men's health. While we're all guaranteed to look ridiculous, some
will be downright creepy, we are doing it for a cause. There are 19 of the
Rapid7 Moose signed up this yea
3 min
Metasploit
Federal Friday - 10.24.14 - NCSAM Week 4
Happy Friday, Federal friends! Can anyone else believe next week is Halloween?
Feels like only yesterday I was talking about the start of the MLB season and
now we're through 2 games of the World Series...
So this week is the 4th week of National Cybersecurity Awareness Month
[http://www.dhs.gov/national-cyber-security-awareness-month-2014-week-four]. To
me this is one of the more important weeks as the campaign centers around
Cybersecurity for Small/Medium sized businesses and Entrepreneurs. T
2 min
Metasploit
Federal Friday - 10.17.14 - Cybersecurity Awareness Month
Happy Friday, Federal friends. I hope the 2nd full week of FY15 is going well
for you. Feels like we have the last 2 warm days of the year coming up this
weekend thanks in part to this little graphic from NOAA.
October, one of the nicer months out of the year, is also known as Cybersecurity
Awareness month. We talked about it earlier this month in another blog post
[/2014/10/06/cyber-security-awareness-month-taking-it-to-the-c-level-and-beyond]
, but I wanted to highlight it here as well. While
1 min
Metasploit
Federal Friday - 10.3.14 - Happy (Fiscal) New Year
Happy Friday, Federal Friends! Something seems a little different this year than
last year, can't quite put my finger on it though...
[/2013/10/04/federal-friday--10413--shutdown-edition]
So, being that we all just made it through another roller coaster of a FY I
wanted to keep today fairly light. Just as we've seen the frequency of attacks
increase we have also seen a dramatic rise in cyber related plot lines and
references in mainstream media. The latest being a CBS show called Scorpion,
ahem
1 min
Metasploit
Federal Friday - 9.26.14 - Shell Shocked and Bashed
Happy Friday, Federal Friends! Having a relatively quiet week? Just looking
forward to a quiet end to FY14? Riiiiiiiiight, same here....
Most of you probably had an interesting 2nd half of the week just as we are.
Like a judge at the Olympics, DHS
[http://www.huffingtonpost.com/2014/09/24/new-bash-software-bug-m_n_5878398.html?ir=Technology]
has scored this little ditty a 10 out of 10 both in impact and how easy it is to
use this vuln to run an exploit. While this doesn't have the "world-is-end
2 min
Metasploit
Federal Friday - 9.19.14 - Talk Like A Pirate Day Edition
Arrrrrg! Happy Friday, Federal Mateys! Th' air be crisp 'n th' leaves be
turnin' in New England, which means ‘tis almost the hour to strap on me skis!
Another week has gone by 'n another breach be bein' reported by FireEye
[http://www.fireeye.com/blog/technical/2014/09/putting-transcom-in-perspective.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29]
. Arrrgh mateys, 'tis one involves a foreign government penetratin' th' net
1 min
Metasploit
Federal Friday - 8.22.14 - A Sensitive Cloud and Some Additional Strategy
Happy Friday, Federal Friends! Do you hear that? That sound you're hearing is
the collective high-five every adult with children just gave each other in
celebration of "Back to School [http://giphy.com/gifs/WKdPOVCG5LPaM]." For those
of you whose summah is coming to a close, I hope it has been a great couple of
months. For those of you that don't have to worry about that, I'll see ya at the
empty beach in September.
I read a great article this week about another take on cyber strategy.
Piggy--b
1 min
Metasploit
Federal Friday - 7.11.14 - Buying Agile
Happy Friday, Federal friends! Due to the heavy amount of CDM paperwork I've had
to do this week I'm going to keep today's blog very short.
As we forge ahead into the spending spree
[http://fcw.com/articles/2014/07/11/snapshot-fy-2014-q4-spending.aspx] that is
Q4 of FY14, it's important to know how to navigate the buying process on the
federal side of the house. FCW has a great article
[http://fcw.com/articles/2014/06/26/buying-agile-without-jumping-through-hoops.aspx]
this week offering a hos
3 min
Metasploit
Federal Friday - 6.27.14 - A Clash of Cultures
Happy Friday, Federal Friends! Welcome to the weekend, and for those of you who
are out next week, happy Fourth of July.
There was a great, short read from the Washington Post
[http://www.washingtonpost.com/business/on-it/cias-cio-working-with-private-sector-can-be-a-clash-of-cultures/2014/06/24/42213114-fbad-11e3-b1f4-8e77c632c07b_story.html]
this week about a talk given by CIA CIO Doug Wolfe at a recent symposium.
He was talking about the Agency's coming deployment into AWS but went i
2 min
Metasploit
Federal Friday - 6.20.14 - Winter is Coming
Happy Friday, Federal friends. The World Cup (soccer tournament) is underway,
and while futbol is fun to watch for a few weeks, we are really waiting for the
start of football training camp.
Sorry about the title, especially for those in the Northeast. It's more of a
play on Game of Thrones' ominous tag line, and about how one should be prepared.
In this case I'm using it in reference to the pending changes coming to NIST
800-53
[http://www.informationweek.com/government/cybersecurity/nist-secur
2 min
Metasploit
Federal Friday - 6.13.14 - New Group, Same Story
Happy Friday, Federal friends! It's another lovely Fall day here in Beantown but
I hope each of you are enjoying your early Summer weather. Some exciting news as
Rapid7 was named one of the Top Places to Work by the Boston Business Journal
(#11 Mid-size company)!
I'm going to keep it short and sweet today considering this is a topic I've
covered before. Given the news stemming from a new CrowdStrike
[http://www.crowdstrike.com/sites/all/themes/crowdstrike2/css/imgs/platform/CrowdStrike_Global_T
1 min
Metasploit
Federal Friday - 5.30.14 - Social Engineering from the Middle East
Happy Friday, Federal friends. You can tell it's almost Summah up here because
it's been 50 and raining this week.
So an interesting piece of news from an article on DarkReading
[http://www.darkreading.com/attacks-breaches/iranian-cyberspies-pose-as-journalists-online-to-ensnare-their-targets/d/d-id/1269270]
this week regarding an ongoing campaign targeting government officials and
contractors of both the US and Israel. This is a mash-up of social engineering
techniques from phishing to social
2 min
Metasploit
Federal Friday - 5.16.14 - Cloudy with a Chance of Insider Threats
To quote the multi-dimensional, world-renowned lyricist Rebecca Black:
"Yesterday was Thursday, Thursday. Today i-is Friday, Friday." With that being
said -- welcome to the weekend, Federal friends.
I wanted to start this week off with an article from GCN
[http://gcn.com/articles/2014/05/09/insight-hybrid-cloud-security.aspx?admgarea=TC_SecCybersSec]
around government and the cloud. While the cloud trend has steadily increased
over the past few years, the demand to bring it on board within the
2 min
Metasploit
Federal Friday - 4.25.14 - A Whole Lot of Oops
Happy Friday, Federal friends! I hope all of you enjoyed some nice family time
over the respective holidays last week. After a successful Marathon Monday here
in Boston we're blessed with chirping birds and blooming flowers (finally)!
As you all probably know by now, Verizon released their latest DBIR
[http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf]
report earlier this week. While this report covered a wide range of topics in
regards to breaches, I