Zach Turpen
Recent Posts
Unpatched Internet-facing Exchange? Time to Assume Compromise
On March 2nd, 2021, Microsoft released emergency patches for four vulnerabilities for Microsoft Exchange CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. At the time, Microsoft warned these vulnerabilities were actively being...
Another Critical Vulnerability in Zoom (Security Layers FTW)
The hits just keep on coming for Zoom teleconferencing this year as a new critical vulnerability was disclosed late last week. This is, of course, in addition to the other two critical vulnerabilities that were disclosed last month, as well as the...
UPnP Devices at Risk from New Vulnerability
Universal Plug and Play (UPnP) has been a security nightmare since its inception over a decade ago. This technology is generally found in consumer-grade networked devices and allows them to discover other UPnP devices automatically on the network to...
New Wormable SMB Vulnerability Disclosed
Microsoft published a security advisory (ADV200005) yesterday warning about yet another vulnerability in, yep you guessed it, SMB. This time the vulnerability is in SMBv3 and it has to do with a buffer overflow in the code that SMBv3 uses to handle...
Worrying Trends Evident in FBI 2019 Internet Crime Report
Each year the FBI compiles all the reports it receives through the Internet Crime Compliant Center (IC3) into an annual report. This report, released February 11, 2020, gives us a window into current techniques and tactics being used by cybercriminals....
Keeping Your IoT Gifts Secure This Holiday Season
IoT Has Arrived With the holiday season in full swing, many of us have Internet of Things (IoT) devices on our wish lists or the wish lists of friends and family. These are home automation technologies like lights, thermostats, doorbells, smart TVs, and...
Microservices: What They Are and What You Need to Know
As a security practitioner, part of the job is to keep up with the changes in technology. This is certainly no easy task as things are changing at breakneck speed. New architectural concepts, the rise of cloud, new data processing models, lots more data,...
How to Determine the Cybersecurity Needs of Your Business
The Cybersecurity Cost Center Problem One of the most challenging aspects of working in cybersecurity is demonstrating value. Despite the breaches that dominate the news and the headlines surrounding ransomware wreaking havoc on organizations each day,...
LLMNR, NBT-NS, DNS and other acronyms I can own your network with ; )
I do a lot of penetration testing for our clients at TechGuard, and each engagement is different and challenging in its own way. The environments change, the maturity of the security programs vary and the goals of the engagement change based on the...
Who’s Ready for a Breach?
The Road Show Last week Zach Turpen and Nate Rice took the show on the road for a series of workshops with executive teams from various industries. Our topic: the ever-divisive Cybersecurity Incident Response Plan (CSIRP). Our goal was to inform these...
Critical Vulnerability in Drupal Disclosed - Active Exploits Found in Wild
Drupal is one of the most popular Content Management Systems (CMS) around, allowing users to build custom websites with ease using thousands of themes and plugins. The rich features of the software attract a lot of organizations to use the platform for...
