Thunderspy And Your Cybersecurity Program

A newly released set of vulnerabilities termed “Thunderspy” allows an attacker with physical access to your encrypted computer in sleep mode (not powered off and not hibernated) to take full control of your system via a Thunderbolt port. In this compelling video, Thunderspy’s author, Björn Ruytenberg, demonstrates bypassing the Windows lock screen in under five minutes using a set of …

Zoom Risk Assessment Toolkit

Today we are publicly releasing our Zoom Risk Assessment Toolkit so that organizations can make a risk-informed decision on whether to use Zoom, what compensating controls to put in place, and to be able to communicate these decisions in terms of business risk. This work came about because we were asked to help a client answer the question, “Is Zoom …

How I Hacked an Electric Company

How I hacked an electric company using no phishing or social engineering tactics. This company had previous pen tests that missed this underlying vulnerability that plagues so many organizations. We’re using data breach analytics to inform our cybersecurity services to get into the mind of the hacker. The lessons learned at the end of this video are crucial for modern …

Social Media Security & Hacking Password Reset Functions

NFL Twitter Hack and Password Reset Functions

Discussing the recent Twitter account breaches of 15 NFL teams and Facebook resulting from a password reset flaw in a third-party-developed application, Khoros. Learn how hackers use password reset flaws to bypass authentication and what we can all do to improve social media account security and make sure these flaws don’t bite us! It is time we start treating …

How To Approach Vendor Risk Management

In my latest video below I discuss the largest healthcare data breach of 2019 and how organizations should approach vendor risk management to manage the risk that your vendors present to you. 63% of all healthcare data breached in 2019 was due to the breach of one third-party collection agency, American Medical Collection Agency (AMCA). This breach affected Quest Diagnostics, …

2020 Healthcare Data Breach Intelligence Report

I’m pleased to announce our first-of-its-kind Healthcare Data Breach Intelligence Report. This value-packed free report is a must read for anyone in the healthcare space. We detail the top healthcare threats, most critical security controls (as cited by HHS OCR), the largest healthcare data breaches of 2019, a state-by-state comparison of reported breaches, and provide a data breach prevention blueprint. …

My Favorite IoT Hacks – Webinar

“My Favorite IoT Hacks” is now available on webinar replay. IoT will soon outpace non-IoT devices. Your cybersecurity program needs to account for widespread, insecure, and sometimes unexpected IoT devices. In this talk, Geoff Wilson, CEO of Go Security Pro, will detail IoT hacks and why these devices are such attractive targets. Geoff will also introduce practical strategies for protecting …

Introducing Susan Wilson, Co-Founder and Chief Operating Officer

Hi, my name is Susan Wilson. I have been on the periphery of cybersecurity for about 20 years now. And by that I mean, I supported Geoff Wilson, my spouse, during his graduate school education in 2003-2005 at Carnegie Mellon University (back when Operating Systems was a required course!) during his Masters of Information Security Technology and Management. Most in …

BlueKeep Courtesy Scan

At Go Security Pro, we are offering a courtesy BlueKeep scan to check if your network is exposing RDP services that could be exploited. The BlueKeep vulnerability (CVE-2019-0708) is a remotely exploitable flaw in the Remote Desktop Protocol (RDP) Services on older versions of Windows. In our Apply the BlueKeep Patch Now blog post, I detailed the systems it affects, …

When Strict Password Policies Backfire

Passwords that are changed more frequently are more secure, right? Not necessarily. I was working with an organization that takes security seriously. Defense in depth and least privilege permeate their environment. Users do not have administrator privileges and are not allowed to remotely log in to systems. Network segmentation keeps a compromised workstation from reaching the administrator interfaces on servers. Only …