PeopleSec Blog


OWASP

What is OWASP?

The Open Web Application Security Project (OWASP) is an online, open source, and non-profit organization that specializes in creating tools, methodologies, articles, and documentation about web application security. All of this information is freely available and the information is renowned to be practical and unbiased in nature. It also assists firms in developing, maintaining, and […]

scam phone call numbers

Recent Scam Phone Call – Numbers

Below is a list of some of the most recent numbers associated with a scam phone call. If you are wondering whether or not to trust a phone number, then Do Not Trust It. Here are a few of the most reported scammer phone numbers recently: (844) 809 – 6672 (844) 887 – 8082 (888) 489 […]

Nessus Vulnerability Scanner

Nessus Vulnerability Scanning Tool

Nessus is one of the most popular vulnerability assessment tools. Capable of running more than 1,200 checks and scans, it is a great starting point for enumerating your security apparatus. It is free to use for personal users in a non-enterprise setting, and has consistently been rated as one of the best vulnerability scanners in the world. […]

Ethical Hacking

Ethical Hacking – Creating Safer Networks

It’s no surprise that cyber-attacks are continuing to rise, as countless new devices connect to corporate networks every day.  According to the World Economic Forum’s Global Risks Report 2016, cyber-attacks are now costing the global economy over $445 billion.  While this conservative number does not directly translate into profits, it becomes pretty clear that these criminals […]

Google Doc Phish

Google Doc Phish Example & Ways to Identify

There is a Google Doc phish going on and it seems to be very widespread. This new threat is hitting most major organizations. As often happens, the message makes its way through spam filters and untrained users make the virus spread like wildfire. Once someone clicks the link, it hijacks their account and spams their […]

SQL Injection

SQL Injection – High Level – Threats & Remedies

SQL injection is a malicious code injection technique and is one of the most common hacking techniques on the web. It can attack applications or websites that rely on an SQL-based database. It is also one of the oldest as well as one of the most dangerous types of threats. An attacker will add, alter, or eliminate […]

Cybersecurity insurance

Cybersecurity Insurance

Let me start off by saying, an insurance policy is a band-aid and not a solution. Cybersecurity insurance only mitigates damage arising from incidents such as data breaches, virus insertion, and reputation damage. Furthermore, it is nothing like traditional insurance due to the nature of the damage involved. Remember, an ounce of prevention is worth a […]

Data Protection Act

What is the Data Protection Act (DPA)?

The Data Protection Act (DPA) was passed in 1998 by the Parliament of the United Kingdom. It’s basically an update to how the data of living people is to be legally handled and utilized in the United Kingdom. The act was a direct response to the growth of the Internet and is intended to prevent […]

GDPR

General Data Protection Regulation-GDPR

The General Data Protection Regulation (GDPR) is a European Union regulation to protect the security of citizens, specifically with respect to personal data processing and the free movement of all relevant personal data. It is labeled ‘Regulation (EU) 2016/679’. The European Commission, the European Parliament, and the European Council seek to strengthen and centralize data and privacy […]

Microsoft-support-scam-phishing

Microsoft Support Scam

The phone number and web address keep getting taken down and new ones keep popping up, but there is a Microsoft support scam going on requesting personal information. Do not give them any information. Here are a couple of screenshots from a few different people encountering this scam. Vigilante hackers have done some research and […]

PCI DSS data protection

PCI DSS – what you need to know in order to stay compliant

The PCI DSS (Payment Card Industry Data Security Standard) is an industry-wide data security benchmark for firms that deal with payment cards issued by the biggest payment card gateway organizations. The guidelines increase the security of cardholder data as well as minimize the risk of credit card fraud. Developed by the PCI Security Standards Council […]

Social Engineering & Cybersecurity

Social engineering has become the new standard in both cyber-attacks as well as physical security. Many organizations are fighting back and are quickly making education a priority. First off, let’s enumerate a few of the most common types of social engineering attacks and then let’s go over ways to address these threats. Email Phishing […]