Innovative Minds - On Point - One Group  

Information Leakage

This is the blog for MindPoint Group's Information Security & Privacy (ISP) division. We hope to use this to contribute to and debate ideas among the ISP community.
06
Sep
2018

Social Engineering Part 3: Phishing

By:

If you survey your co-workers, chances are high you will find they have received a phishing email at some point. It’s not surprising since phishing is the number one cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day, or nearly 1.5 million each month (Webroot

Read More

15
Aug
2018

Social Engineering Part 2: Open-Source Intelligence (OSINT)

By:

“Most scams work because victims are successfully convinced the scam is real. Thus, victims give criminals their information more often than it is maliciously stolen. A scammer’s main goal is to convince you to hand over your information voluntarily, as opposed to using forceful intimidation or threats.” “While hostility is one social engineering methodology, expert

Read More

10
Jun
2018

Inherent Risk Tiering for Third-Party Vendor Assessments

By:

It can be a challenging and overwhelming task to adequately manage the risk associated with outsourcing technology or business processes, no matter the size or sector of the organization. This is supported by a study sponsored by the Ponemon Institute, which gathered responses from hundreds of respondents across both public and private sectors to present

Read More

09
May
2018

Conducting and Detecting Data Exfiltration

By:

Is your organization taking proactive measures to prevent a data breach?  From 2016 to 2017, the number of data breaches in the U.S. increased by 45%. According to the Identity Theft Resource Center, more than 1,500 data breach incidents occurred in 2017, of which 53% exposed social security numbers and 19% exposed credit card numbers.

Read More

03
Mar
2017

Lateral Movement with PSExec

By:

Lateral Movement: An Overview During the early stages of an engagement, penetration testers look to gain a foothold into the target network. Depending on what scenarios are agreed upon by the client and laid out in the Rules of Engagement, this foothold may occur through social engineering attacks such as phishing campaigns or by compromising

Read More