Penetration Testing: Why it's Needed and What to Look For in a Penetration Test

Posted by John Hallqvist on Nov 7, 2019 9:14:50 AM

A Security Breach Can Happen To Anyone: Small or Large

Many in the cyber security industry are aware of the Equifax breach. It was one of the largest and most well- known data breaches to date, affecting 143 million personally identifiable information (PII) records of U.S. citizens. Perhaps the most alarming detail about this breach was that Equifax did indeed have a robust security program. Hackers were able to circumvent security controls by exploiting a vulnerability in the open source component, Apache Struts, which is an open source web application framework used to develop Java web applications. During that same year, WannaCry ransomware was released into the wild and there were a record breaking 14,000 vulnerabilities reported to US-CERT, according to CVE details1. In 2018, that number jumped to over 16,000. The lesson every organization should learn from this event is that a breach can happen to any business, small or large.

Read More

Topics: Cyber Security, IT, Managed IT, MSP, Penetration Testing, Security Breach

What Should You Expect From a Managed IT Provider in 2020?

Posted by John Hallqvist on Oct 24, 2019 8:09:25 AM

Why Outsource to a Managed IT Provider

Many organizations employ the services of a Managed IT Services Provider (MSP). One reason for this may be due to the high cost of employing an IT Professional in-house. According to the Bureau of Labor Statistics, the median salary for a Network Administrator in 2018 was $82,050 (not including costs of healthcare, paid time off, and other benefits). Given that the job market has continued to be at all-time lows, companies are focusing on leveraging their capital and other resources to focus on hiring talent that contributes to their core business. Shifting funds from strategic roles to support roles may hinder a company’s ability to compete, which may be a reason why companies are moving to and continue to outsource IT functions.

Read More

Topics: Cyber Security, IT, Managed IT, MSP

Re-Blog: Wi-Fi Alliance Introduces Security Enhancements

Posted by Jesse Homa on Jan 11, 2018 9:55:33 AM

With all the security news recently of WPA2 wireless being broken with the KRACK attack methods, the Wi-Fi Alliance® has put together the next security standard called WPA3 that should do away with most of the insecurities of WPA2 and open wireless networks altogether. WPA3 is expected to arrive sometime in 2018. 

Read More

Topics: Cyber Security

Re-Blog: "The Motherboard Guide to Not Getting Hacked"

Posted by Jesse Homa on Nov 21, 2017 12:30:00 PM

Cyber Security is an on-going battle and there isn't one best way to protect yourself. Because security is so important and there are many aspects to it, The Motherboard published a great comprehensive guide on how to not get hacked. This article is updated regularly and is great for just about everyone. If you have further questions regarding cyber security and how to better protect your self contact Cyber Advisors

Read More

Topics: Education, Cyber Security

Thoughts on the Direction of Microsoft and Security

Posted by Terence Kolstad on Nov 17, 2017 3:09:38 PM

I was fortunate enough to attend the Microsoft Ignite conference in Orlando, FL this year. During the conference, there was a TON of information to gather, experts to network with, and vendors to see in the Expo Hall.

Read More

Topics: Education, Cyber Security

In the Know - Cyber Security Update - Week of October 1st - October 8th

Posted by Eric Brown on Oct 8, 2017 9:10:41 PM

October is Cyber Security Awareness month, it’s likely that one of your email accounts has been involved in a breach - find out how to know for sure, let’s ditch Yahoo mail together, a new password stealer is in the wild, and another unsecured database is discovered, this time compromising NFL players and their agents private data.

Read More

Topics: Cyber Security

In the Know - Cyber Security Update - Week of September 24th - October 1st

Posted by Eric Brown on Oct 3, 2017 8:04:59 AM

Attackers turn their attention to foods this week, Wholefoods & Sonic compromised point of sale systems, cause fire sale of credit and debit card account numbers on the dark web, we learn how much Tinder knows about you, and it seems the Deloitte hack is going to be a lot worse than originally estimated.

For those in the Twin Cities:

We are having a Cyber Security Fall Forum at Utepils Brewery on October 17th, Craft beer, soda, food and an afternoon of Cyber Security!  Register here:

Read More

Topics: Cyber Security

In the Know - Cyber Security Update - Week of September 17th - September 24th

Posted by Eric Brown on Sep 24, 2017 7:03:17 PM

Pattern recognition easily defeats Android passwords, more Amazon S3 buckets exposed, GPS coordinates on an Instagram post lead to a Most Wanted Arrest, and WI-FI theft causes the FBI to raid the wrong home. 

We continue with our theme of improving our security posture by looking at some quick ways to keep our own personal WI-FI from being hacked.

For those in the Twin Cities:

We are having a Cyber Security Fall Forum at Utipils Brewery on October 17th, Craft beer, soda, food and an afternoon of Cyber Security!  Register here:

Read More

Topics: Cyber Security

In the Know - Cyber Security Update - Aftermath of Equifax Part 2

Posted by Eric Brown on Sep 18, 2017 1:23:16 PM

This week we learned:
1.    The Equifax breach was indeed the result of an unmitigated known security vulnerability in the Apache Struts 2 web application service discovered in March 2017 Apache Struts CVE-2017-5638.
2.    Security researchers exposed an additional database in Argentina protected with the credentials of admin/admin.  Equifax claims that this database had not been used since 2013 which leads one to question what other databases were left exposed to the internet with easily guessable passwords.  
3.    Two executives have “retired” and the CEO will be facing a congressional inquiry on October 3rd.

In last week’s article we focused on tackling the immediate steps to take charge of your own credit.  If you haven’t had a chance to freeze and review your credit and change your logins and passwords please consider doing so.  Keep track of all of your receipts and expenses related to the breach, as there will be opportunities to participate in a variety of lawsuits, especially if your identity was stolen as a result of Equifax’s negligence.  There’s also the opportunity to take a short position through put options or a straight short sale, if that interests you.  The stock has moved 50 points down in the last 2 weeks and some speculate that it still has further to go.

This week the focus will expand to include ways to protect your overall identity and take back control over what information companies have about you.  Recent legislation allows ISP’s (Internet Service provider) to get into the data mining business and collect information about your browsing history, geo location, and online activity.

Three things you can do to protect  your browsing.
1.    Use a VPN (virtual private network) service that doesn’t log your data.  For a few dollars a month you can set up a VPN service, creating a virtual encrypted network tunnel between your computer and the VPN service provider.  Since all Internet traffic will be coming from the network you connect to at the end of the tunnel, your ISP will be blind to your surfing activities.  VPNs are a must have for people who connect to public wifi connections in coffee shops, libraries, etc.
2.    Use a tor browser:  Tor obfuscates your traffic by sending it through a free relay network which helps to conceal location and browsing information from anyone conducting network surveillance, including your ISP.

3.    Make sure the sites you browse leverage HTTPS instead of HTTP.  HTTPS traffic is encrypted, and while your ISP can see the site that you visit (unless using a VPN or tor browser) it won’t be able to see and record as much of what you are doing on the site.

4.    Use a web browser that has built in tracking prevention and/or install 3rd party extensions such as Ghostery, Ad Block, uBlock Origin or Privacy Badger.  Reminder:  Some sites rely on ad revenue to survive.  Consider white listing the sites you frequent, and those sites that promise an ad-light experience.
Write up on new Safari tracking prevention:

Secure Email – Setup time 10 minutes.  Cost:  free or a small monthly fee.
All of the free email providers (Yahoo! (Verizon), Gmail, Hotmail (Microsoft)) and many of the paid providers (Comcast, other ISPs, etc.) scrub your email for content and sell metadata about you.  All of the major social media providers (Facebook, Twitter, Instagram, Snapchat) also collect and store information about you, not only is this information available for sale in metadata form, it’s also available to the federal government.

The PRISIM program allows for the collection of Internet communications from at least nine Internet companies.  The data collected includes E-mail, Chat (video & voice), Videos, Photos, Stored data,  VoIP, File Transfers, Video Conferencing, login data, Social networking details (Geo locations, etc).

If you wish to exclude yourself and your data from this type of collection then a place to start is by making sure your personal email is encrypted in transit and at rest by using a secure email provider.

Proton mail is a provider that offers encrypted email with data stored on servers in Switzerland, a country known for its privacy laws.  Proton mail is unable to provide access to your data to any country or entity because 1.  Swiss laws do not allow it.  2.  Proton mail does not have cryptographic access to your data.

Read More

Topics: Cyber Security

In the Know - Cyber Security Update - Aftermath of Equifax

Posted by Eric Brown on Sep 12, 2017 10:24:51 AM

This week, instead of reporting five incidents of the previous week, I’m just going to focus on one, the Equifax breach. With over half of the adult population in the US impacted, it is likely that you, or someone you know is affected.
Over the next two weeks I’ll provide an overview of steps we can all take to tighten up our own security, starting with preventing unauthorized use of our personal information. Most of these solutions are free or low cost.
We’ll start with the most important items first and things that would ideally be done this week. If you are unable to, or are reading this at a future point in time, the items are still relevant and can be done anytime.
There are four credit bureaus, three that report credit and assign a score – Experion, Equifax, Transunion, and one, Innovus, that just reports on credit. We’re going to work with all of them to make sure that you have full control over your credit.

Read More

Topics: Cyber Security

About this blog

Welcome to the Cyber Advisors Blog.  Please take a moment to read through our content.  If you would like more information on any of these topics, simply reach out to us via contact information below.  If you find our content valuable, please subscribe.  


Would you like to hear from us? Click Below!
Learn More

Subscribe Here!

Recent Posts

Posts by Tag

See all