Blog Posts by Javier Young:
-
NIST’s Current Challenges to AI Risk Assessments
While artificial intelligence (AI) and machine learning (ML) are integrating into day-to-day life, from digital assistants to image, video, and language processing, there is still no formal and finalized risk assessment process for the technology – but NIST is in the process of changing that.
-
Uptick in Phishing Attacks on LinkedIn
Regular users of the professional networking and social working platform have noticed an increase in threat actors trying to steal critical personal information through phishing attacks that use false LinkedIn accounts to trick unsuspecting victims into giving up confidential information.
-
GLBA Safeguards Rule Update
An updated rule for GLBA safeguards may mean some financial institutions need to review their security and handling practices. Is your organization prepared to navigate these complex decisions by the December 2022 deadline? Check out this article by Kadian Douglas that explains the FTC GLBA Safeguards Rule.
-
Cybersecurity & Infrastructure Security Agency (CISA) Malware Alert (AA22 054A)
“Sandworm”, a Russian state-backed hacker group within the GRU (Russian military intelligence organization), has released new malware called ‘Cyclops Blink’ … ‘Cyclops Blink’ can lead to a complete network compromise by allowing attackers to gain access to the external perimeter firewall.
-
Build Your Own OSINT APIs for Pen Testers
tend to rely heavily on open-source intelligence (OSINT) data sources and APIs. This blog post is all about the value of mining OSINT data ourselves, and shows how to index very large datasets for quick searches.
-
The Art of Exploitation: Domain Admin from the Internet via eTRAKiT
In this post, we will look at a SQL injection vulnerability in the eTRAKiT web application that can be exploited without authenticating to the web application and results in a remote connection to the backend database.
-
Cybersecurity in Higher Education – People, Process, and Associated Risks
Authored by Jacob Paullus
Information Technology and Information Security are some of the most important yet most complicated ecosystems to construct in a Higher Education environment. Between students, staff, and faculty, many of these institutions have a larger technological footprint than some of the largest companies in the world.
-
Learn about CIS Controls v8
Authored by Bill Sugnet
On May 18th, The Center for Internet Security (CIS) released version 8 of the CIS Controls. From the earliest versions, the CIS Controls totaled 20 and were even referred to as the CIS Top 20 at one point. In version 8, CIS has added one control, and combined a few others. […]
-
Splash Pages/Captive Portals for Corporate Guest Wireless Networks
Authored By: Jennifer Friel
What is a Splash Page/Captive Portal? A Splash Page/Captive Portal is a page which users are directed to prior to connecting to a Guest Wireless Network. On this page, the user is required to view and interact with the page prior to being allowed access to any other sites or web connections through the network. Why a Splash Page/Captive Portal? While […]
-
CIS and Akamai to Offer No-Cost Malicious Domain Blocking and Reporting Service for U.S. Hospitals
Authored By: John Hoffoss
The Center for Internet Security (CIS), together with Akamai, is offering a service called Malicious Domain Blocking and Reporting (MDBR), which prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block most ransomware infections just by preventing […]