2021 - Assurecondo

20 Dec 21

Network Data Loss Prevention

In this post, I will talk about network data loss prevention (DLP), its importance, and some available dlp solutions. I have written some articles in the past about data, read through the blog to get updated. What is network dlp? While data is in motion, network data loss prevention (DLP) software monitors, detects and potentially […]

13 Dec 21

Email Security

Email security is a vital necessity because email contains sensitive information. Due to the high usage of such means of information transfer, it has since become a major target for attack. This and many more reasons are why companies are favoring the use of cloud-based email services like Gmail, Outlook, Protonmail, etc. What is Email […]

06 Dec 21

Data Privacy: Definition and Overview

The world has gotten so small, as information has become more accessible, shareable, and more vulnerable. Data privacy is the security of personal information from unwanted access by third parties and determines who has access to the information. Personal information like age, location, contact information in both real-time and online platforms are usually open to […]

29 Nov 21

Malware forensic: An overview

If a simple action such as clicking on a link or opening an email can cause disastrous outcomes, then Malware and Malware forensic cannot be overlooked. In my last post, I explained malware, how it works, antimalware and antimalware tools. Check it out here for more understanding. What is Malware Forensic: Malware is the collective […]

22 Nov 21

MALWARE: EVERYTHING YOU NEED TO KNOW ABOUT IT

Malicious Software popularly known as MALWARE is the collective name for any program or software that intentionally puts a computer, a server, a network or group data at risk. Malware is a set of code written or developed by cyber attackers with the aim of intentionally harming certain data set or gaining unauthorized access into […]

15 Nov 21

Computer Network Protocols: What it is and how it works

Computer Network Protocols… What it is and how it works Network protocols is a word I’m sure you have heard in use among diverse technology professionals. In this article, I will try to explain what it is and some of the network protocols employed by information systems. Let’s start with Computer Networks. This simply put […]

07 Nov 21

Virtual Private Database: A practical approach: Column Level VPD

Column Level VPD In my previous post, we did a practical on how to perform Row-level restriction using VPD policies. This practical will focus on the Column level restriction. And as said earlier we will be using the HR sample schema. In this tutorial, we are going to secure some columns in the HR table […]

07 Nov 21

5 steps to ensure a better home network security

A home network refers to a group of devices connected to each other and to the internet through either a wireless or wired network connection. Ensuring the home network security is strong and up to date is an important part of network security. In this short article I will be listing out 5 steps to […]

01 Nov 21

Mobile Device Security

Mobile security is the security measures put in place to avoid risk and vulnerability of data and assets loss attached to using mobile computing devices like smartphones, laptops, Tablets etc. What is so important about Mobile security? The use of Mobile Devices is the future: Slowly and gradually technology has evolved from using stationary devices […]

01 Nov 21

Virtual Private Database: A practical approach

In our previous post, we learnt what the Oracle Virtual Database was all about. If you haven’t read it click here. Without wasting much of your time, let get busy with our practicals What is needed Working Oracle database (10g and above) HR sample schema. Sql work environment (SQL Navigator, Toad, etc) Today’s tutorial will look at the following types […]

25 Oct 21

Introduction to Cloud Computing

The idea of cloud computing might seem like a seriously big deal. Don’t worry I got you today. What is cloud computing? Cloud computing according to The National Institute of Standards and Technology (NIST) is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, […]

25 Oct 21

A Run Through Owasp Top 10:2021

OWASP top 10 and how it works What is OWASP The Open Web Application Security Project (OWASP) is a non-profit foundation dedicated to improving the security of software. OWASP operates under an ‘open community model, this model enables anyone both to participate and contribute to projects, events, online chats, and more. All materials and information […]

27 Sep 21

Microsoft SQL Server Security check

SQL Server, owned by Microsoft is one of the leading data platforms used as a production database to store very sensitive data. We should all know by now that data is an organization’s most valuable asset. This makes it a necessity to efficiently secure the SQL Server database.This quick post will highlight some important back-end […]

26 Sep 21

Nmap Cheatsheet X

Network mapper (NMAP) is an opensource security tool used for network exploration, security scanning and auditing In this article, I will be listing some important Nmap commands that will make network assessment easy. Let’s go! Scan single Ipaddress: nmap ipaddress Scan a host: nmap server1.abc.xyz Scan a host with more information: nmap -v server1.abc.xyz Scan […]

19 Sep 21

Social Engineering: The pervasive art of deception

Social Engineering like the term suggests refers to a diverse range of activities employed by malicious parties with the aim of luring unsuspecting victims to divulge sensitive information which will impact their online safety and might lead to financial loss. This tactic has been increasingly employed by malicious parties in recent years, as it is […]

19 Sep 21

Exploiting the vulnerabilities in Oracle EBS user passwords with tips on how to protect against such exploits

A very nice reader asked if I could make a detailed post on how Oracle EBS user passwords can be hacked and extracted.This is a high risk and additionally a serious flaw on an Oracle EBS solution. Thus I decided to oblige and make the post. It is planned to be as easy to read as possible.Enjoy….. Also […]

15 Sep 21

Phishing Crossword

I bet you’re wondering how to play this game……Don’t overthink it, I’ve explained below how to go about it. There are some empty boxes you’re expected to fill with words. The boxes are numbered in line with the clues listed below. Follow the clues to fill the boxes with the appropriate words, right words are […]

13 Sep 21

Oracle Database Native Auditing Features

Preventing attacks on the database is the only approach to securing the database. Detecting potential attacks is also as important after all, the best security in the world is not going to stop every attacker. This is where the advantage of auditing comes to play. Auditing allows us to monitor the environment and identify potential […]

11 Sep 21

5 Mobile technology apps for Information Technology risk

can be used for information technology risk in no particular order. 1) Active Risk Management 2) Fusion Risk Management...

Think You're Cut Out for Information Technology Risk?

05 Sep 21

Think You’re Cut Out for Information Technology? Take This Quiz

Working in Tech is the new slogan. Everyone today wants a bite from the information technology pie, with this rat race of getting involved with technology, do you think you are cut out for Information Technology? Are you planning to switch careers to Information Technology? Are you wondering if you can cope and survive in […]

ARP poisoning also known as ARP Spoofing is an attack on the network which allows the attacker to intercept network communication between the target computer and the network.

05 Sep 21

Understanding ARP Poisoning: A practical approach

ARP poisoning also known as ARP Spoofing is an attack on the network which allows the attacker to intercept network communication between the target computer and the network. This concept is called MAN-IN-THE-MIDDLE attack and it makes it easy to steal sensitive data like username and passwords, bank data etc.The man in the middle attack […]

29 Aug 21

NOSQL . A summary of what it entails

NoSQL is a database management system that provides a means of storing and retrieving data.It uses a different approach which is completely different from the tabular relations used in relational databases that we are more used to.In this post I will summarize a quick understanding of what NoSQL is with its advantages/disadvantages and uses. There are three (3) common types […]

29 Aug 21

SAP ERP. An Introduction

SAP ERP is a common ERP (Enterprise Resource Planning) software used by companies for the coordination of all core business functionalities, such as procurement, materials management, production, finance, sales, marketing, and human resources. SAP (Systems, Applications, and Products) is believed to be the most common ERP that assists companies of different sizes, small businesses, midsize […]

22 Aug 21

Open Source Tools in Cybersecurity

I have previously written on open source. Here is the link to that article, for more understanding. Today, I want to talk about open source tools. In this article I will discuss 10 open source tools that hackers and security researchers use to gather intelligence,before the real assessment or hacking is done. First, what are […]

22 Aug 21

Oracle Human Resources Management System

Oracle Human Resources Management System (HRMS) is a major component of the Oracle E-Business Suite of applications.Simply put, It is an integrated suite of applications which supports every aspects of the HR function. There are several modules defined in Oracle HRMS eg Oracle Human Resources (HR),Oracle Payroll,Oracle Performance Management,Oracle iRecruitment,Oracle Time & Labor(OTL) etc.In this post […]

15 Aug 21

11 Steps on how HTTPS Secure connection Handshake is established

Every HTTPS connection begins with what is called a HANDSHAKE which is the negotiation between a client and server detailing and agreeing on how they will communicate. The handshake determines the following: What cipher suite to be used to encrypt the communications, Serer verification by Client, Clients verification by Server Lets now go through the 11 steps […]

15 Aug 21

Blockchain Oracles: What are they and how do they work?

In the past few articles, I have written about blockchain, smart contract, smart contract audit and cryptojacking. I saw it fit to do a piece on blockchain oracles and we will be exploring this topic on the borders of: What are blockchain oracles? Blockchain Oracles Use case Types of oracles The oracle problem Blockchain oracles […]

07 Aug 21

Ransomware

With the increasing rate of ransomware, the need to protect files and networks have become essential. Especially if as a company you store a lot of data on your server and you transfer a lot of data also. Both your server and information transfer process needs to be secured to guard against ransomware. What is […]

07 Aug 21

Cryptojacking: what it is, how it works and how to prevent it.

In recent times, I believe the worst that can happen to anyone who trades, invests in cryptocurrency is Cryptojacking. I have written some articles about blockchain and smart contract, read more for better understanding on this topic. What is Cryptojacking? Let me break it down, the word cryptojacking was coined from two words Cryptocurrency and […]

01 Aug 21

Beware!! Sim card cloning is possible: A simple but technical explanation

Mobile phones have transcended from just making calls to being used as a private vault. Nowadays mobile phones are used to store extremely sensitive data including authentication to corporate and personal emails and most especially banking credentials. A high proportion of bank customers now have mobile phone numbers linked with their bank accounts due to […]

31 Jul 21

Auditing Smart Contract

I did a piece on smart contract where I detailed the basics of the technology, how it works, platforms that drive smart contract and its diverse use case. The article can be found here: Smart Contract. In this article, we will further explore smart contracts by considering the security. let us break down Auditing Smart […]

25 Jul 21

Smart Contracts

What are contracts ? What is a Smart Contract ? Smart Contract Platforms Sample Smart Contract code Smart Contract use case A contract is a legally binding document between at least two parties that defines and governs the rights and duties of the parties to an agreement. The concept of contracts is so prevalent today, […]

bjective is to scan SSL ports to determine what security protocols or ciphers supported

24 Jul 21

SSLSCAN: Detecting security protocols in use on a server

SSLscan is another type of port scanner similar to NMAP. However its objective is to scan SSL ports to determine what security protocols or ciphers supported and/or preferred. In this blog post we will be looking at how to access and use SSLscan. It is very useful when it comes to testing security protocols accepted […]

18 Jul 21

How to extract WIFI passwords through Windows Command Prompt

Have you ever experienced the situation where you wanted to utilise wifi configured to connect to one machine in an entirely new machine, but couldn’t remember the wifi password?In today’s post we will be looking at how we can extract wifi passwords via command prompt.To get this done a utility will be used called Netsh. According […]

5 things you need to know about open source to better your use of it.

18 Jul 21

Open source: 5 things you need to know about it to better your use of it.

Gone are the days when mentioning the use of Open source software was considered taboo in companies or business settings. Over time, it use has become acceptable, in fact, open source software is the first consideration when the need arises. While it is now acceptable, it may not be what it seems to be, […]

12 Jul 21

Checking for windows update from Command Prompt

For security reasons, it is important to ensure that your system is properly secured by ensuring it has the necessary security updates/Patch required.This post will focus on how to identify the status of your patch update. It will be done through the command line A patch is a set of changes to a computer program […]

Adware is not a virus rather It is a PUP

10 Jul 21

Breaking down Adware

What is Adware? Are all online Adverts adware? There is nothing more annoying than seeing unwanted advertisement pop-ups while watching your favourite show, playing a game online either on your computer or your laptop. Adverts ranging from how to be a millionaire in seven days, to how to burn belly fat overnight, and a lot […]

03 Jul 21

DDoS: What does it mean?

Distributed denial of service (DDoS) is an attack such that the source website of a company is bombarded with a lot of requests that are more than its capacity, which then affects the ability of the website to function properly. With the rapid recurrence of such attacks, many companies whose business model requires a massive […]

01 Jul 21

Hacking: The untold truths about hacking

Hacking has been associated with a lot of things both legal and illegal. The common image that comes to mind when people hear hacking is that of an individual wearing a mask with a disturbed radio-like robotic voice, a laptop probably wearing a red or black jumpsuit with a lot of pizza boxes thanks to […]

Evaluating Oracle Weblogic Middware Controls

WebLogic is Oracle’s proprietary application server. It is Java base and Inherited when it acquired BEA Systems in 2008.it’s used by many businesses to build and deploy enterprise applications. Weblogics popularity and widespread use has made it a target by malicious individuals.In this post, I will provide you with suggested control that can be implemented […]

28 Jun 21

What is Honey pot in cybersecurity?

Honeypot calls to remembrance the Trojan Horse a concept first put to use in the Greek mythology. It’s an open gift that is part of a game plan. Due to the concurrent incidence of cyberattack, cybersecurity experts then thought of it. Why wait for them to attack first? Why don’t we attract them using a […]

20 Jun 21

How to use YASCA static code analysis tool

Yasca which is an acronym for “Yet Another Source Code Analyzer” is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open-source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types. […]

The unfortunate thing about threats, risk to your data, information and security is that it starts internally little wonder it is called an Insider threat.

17 Jun 21

Insider threat and what you need to know about it

The unfortunate thing about threats, risk to your data, information and security is that it starts internally little wonder it is called an Insider threat. Most attacks on business security and information are not cases of a well designed malicious masks and glove wearing group called Hackers. What is an Insider Threat? An insider threat […]

A forensic audit is a special part of accounting that requires expertise in accounting procedures and legal framework.

12 Jun 21

FORENSIC AUDIT. AN INTRODUCTION

A forensic audit involves going through a firm’s financial record to get evidence that can be used legally in a court of law or for legal proceedings. Big Industries and companies have a forensic audit department. A forensic audit is a special part of accounting that requires expertise in accounting procedures and legal framework. A […]

11 Jun 21

FAQs and Answers in Information Technology Risk

When Big names in the finance, commerce and other industries cannot protect their data, this implies that they are having information leakages and issues recovering their data and here is the point where Information Technology risk comes in. Information Technology risk assists in minimizing the risks associated with the technology environment of a company. It […]

07 Jun 21

5 Undeniable Reasons to Love Information Technology Control

In your quest in choosing a career path have you considered Information Technology Control? Choosing a career path can be quite tedious and require a lot of thoughts and research . If you have ever considered a career in IT Control, here are 5 more reasons why you would love the course or career. It […]

07 Jun 21

Static Code Analysis. An Introduction

Static code analysis is a method in computer program debugging that is done by examining the code without actually executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to laid down standards.Automated tools can assist programmers and developers and auditors in carrying out […]

31 May 21

Top 5 Information security professionals to follow on Linkedin

According to reports, Cyber security is currently one of the hottest trends in the IT world- CyberSecurity Venture Report predicted that by the year 2021 the world’s total cyber crime damage will amount to a total of $6 trillion while spending on cybersecurity will exceed $1 trillion. Wow! $1 trillion to save $6 trillion. That […]

7 Resources That will Make You Better at Information Technology Risk

29 May 21

5 Resources That will Make You Better at Information Technology Risk

Information Technology Risk has a very important role to play in the risk management field as it brings to the fore the body of risks that can hamper the achievement of business objectives as it concerns the technology environment. In this article, I have listed out five (5) resources that will not only make you […]

22 May 21

Introduction to Oracle Virtual Private Database

Oracle Virtual Private Database (VPD) enables you to create security policies or group policies to control database access at the row and column level. It allows multiple users to access a single schema while preventing them from accessing data which is not relevant to them. VPD uses Fine-Grained Access Control to limit the visibility of the data to […]

How to sell Information Technology Audit audit to a skeptic

21 May 21

How to sell Information Technology Audit to a skeptic

Information Technology Audit is a sub-field under the Audit function which has garnered a lot of interest in the past few years, largely because of the widespread adoption of technology to drive the core and ancillary parts of businesses. It has become more important because businesses want to address the risk of material misstatements as […]

15 May 21

5 savvy ways to spend leftover Information Technology Assurance budget.

So you have adequately covered all areas of your Information Technology Assurance Budget. then you realize that woah! You still have leftover cash. Now you are wondering what should I do with this leftover budget? How do I spend it? Think No more, I have 5 ways you can spend your leftover information technology assurance […]

14 May 21

How to use Mozilla firefox browser as a penetration testing tool with these add-ons

Mozilla Firefox, is a free and open-source web browser developed by the Mozilla Foundation. It is a very powerful browser with an impressive variety of plugins. A plugin is a piece of software that acts as an add-on to a web browser and gives the browser additional functionality.

09 May 21

Brute-forcing passwords on Microsoft SQL Server to test for weakness

SQL Server is a relational database solution created by Microsoft. It utilises several types of login to gain access to the database namely: Windows authentication which is the default, and is often referred to as integrated security because SQL Server security model is tightly integrated with Windows. In this type of authentication Windows users who have […]

07 May 21

Information Technology Control: Misconceptions Vs Reality.

Information Technology Controls are specific safeguards put in place in a technology-driven environment to ensure that risks are reasonably stemmed, and business objectives are achieved. Technology controls are a big deal in our technology-driven world of today, owing to the fact that almost all our activities, both at the personal and organizational level have a […]

01 May 21

Google Dorks: The ultimate query engine

A Google Dork, also known as Google Dorking or Google hacking, is an advanced technique to retrieve or obtain information from google. It is mostly used to find vulnerable targets and sensitive data using advanced search queries. It is a valuable resource for security researchers. Google is known as a search engine used to find […]

30 Apr 21

Things your boss wishes you knew about Information Technology Risk.

Information technology is a new world entirely and it is so broad it is almost impossible to know all facets of it in depth. Information Technology is one of the branches of ICT

24 Apr 21

Top 5 cybersecurity experts you must follow in 2021

Compiled in this piece in no particular order are the names of our top 5 cyber security experts you must follow if you are serious about cyber security in 2021.

22 Apr 21

VLAN: A basic understanding

VLAN stands for Virtual Local Area Network. This is a local area network where the computers, servers and other network devices are LOGICALLY connected regardless of their physical location.

18 Apr 21

Information Assurance Explained in Fewer than 140 words

Information Assurance is a lot to talk about but I have a word count challenge to fulfil.. Endeavour to rate me at the end of the post. Lets go What is information assurance? It is the continuous reviewing and testing of information and systems in order to ascertain it’s integrity, availability and confidentiality. Let me […]

15 Apr 21

Data State Security in four minutes

A data state is described as the different condition of data while being utilized in a computing environment. The term is especially used in information security.In this post, you will learn the various states data can be in. As an added bonus, you will also learn the various ways we can also protect this data at each individual states. […]

11 Apr 21

Will Information Technology Ever Rule the World?

I feel the right question should be to what extent is information technology ruling the world? Let us consider Information Technology...

10 Apr 21

An Introduction to Blockchain

An Introduction to Blockchain What is Blockchain technology? History of Blockchain Breaking things down Benefits of blockchain What does all this mean? What is Blockchain Technology? Blockchain is a system that makes recording of information foolproof, such that it is difficult to alter or cheat the system. It employs the use of a decentralized digital […]

05 Apr 21

Oracle Database Security and Audit

Oracle database security and audit is important because oracles db is the most widely used database by most if not all organizations worldwide, from keeping records of customer data in banks, hospitals, etc, subscriber data and call logs by telecommunication companies to as big as keeping the entire identity record of citizens of a nation. Because […]

02 Apr 21

4 Basic Reasons Your Security Spending is Unnecessarily High

Having a sufficient security budget is paramount to ensuring an organization’s cybersecurity program is well implemented. There’s every possibility for this budgetary figure to increase largely year after year and stakeholders keep wondering where all the money is going. In some cases, the money is well spent while in some, there’s no tangible value that […]

02 Apr 21

Securing Active Directory Environments – Risk Concern

This post describes in detail the most common practices in securing any Active Directory deploment, in Enterprise environments

24 Mar 21

A Journey to Auditing Virtualization

Virtualization is the process of creating a virtual, representation of an entity, such as virtual applications, servers, storage and networks. It is the single most effective way to reduce Technology expenses by reducing hardware footprint while boosting efficiency and agility for all size businesses. However, good as it is, virtualization can create a single point […]

22 Mar 21

The Biggest Problems With Information Technology Audit, And How You Can Fix It

As technology and innovation maintains an upward thrust in our constantly evolving world of today, Information technology has rapidly become a very vital part of the growth of businesses at different scales and by extension the economy. The activities of Information technology is synonymous to that shiny Ferrarri f8 tributo that goes from 0 –100 […]

problems with your vulnerability management program you don't know

22 Mar 21

14 Faults With Your Vulnerability Management Program You do not know

One of the biggest headaches for organizations security-wise is having to deal with technical vulnerabilities (Faults With Vulnerability Management) periodically. While some organizations have a well mapped out process to manage vulnerabilities, some others still struggle with the “Whack-A-Mole” method, randomly dealing with vulnerabilities as they appear.

Year: 2021