Vulnerability & Patch Management Process

December 24, 2016December 16, 2017 / Miguel Bigueur / Leave a comment

1. Introduction

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)[1]

It is essential, in today’s society, for businesses to have an online presence in order to be fully capable of engaging in e-commerce and stay competitive. As a result, it’s imperative that businesses protect their data and put IT security at the forefront of everything they do online and off. With the advancement of new technologies comes opportunities for businesses to fall victim to scams through various attack vectors some of the most popular being social engineering and online computer network infiltrations. Continue reading →

Putter Panda Cyber Threat Intelligence Card

December 18, 2016December 16, 2017 / Miguel Bigueur / Leave a comment

Report by Miguel Bigueur and Daniel Bradley

Executive Summary

Putter Panda is a criminal hacker organization based out of China that has been linked to numerous cyber espionage events against American and European governments and corporations. They are linked to China’s shadow army known as, Unit 61486 of the 12^th Bureau of the People’s Liberation Army’s 3^rd General Staff Department.

Putter Panda is accused of launching Advanced Persistent Threat (APT) style espionage campaigns against American and European based space and defense companies. The group’s primary motivation is economic advancement, and accelerating time to market for knock-off technologies^[1]. Continue reading →

Wireless Network WiFi zone icon

Incident coordinator pressing INCIDENT RESPONSE on an interactive touch screen. Computer security concept. Man in blue suit is highlighting an open lock among forensic tool icons signifying a breach.