PreCog Security, Inc.

PreCog Security, Inc.

Computer and Network Security

St Petersburg, FL 311 followers

We help you TEST, FIND and FIX your vulnerabilities before the cyber attack happens.

About us

PreCog Security Inc. is a US based (St Petersburg, FL) cybersecurity risk mitigation company. Our mission is to help you minimize your cybersec risk and bring you to safety. We simplify complex cybersecurity assessments so that they are understandable to everyone: “So easy that grandpa can use it and congress can understand it”. Our method is straight forward: Test > Find > Fix. 1. TEST your website, application, software or network 2. FIND vulnerabilities, risk and threat 3. FIX security gaps before hackers attack.

Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
St Petersburg, FL
Type
Privately Held
Specialties
cybersecurity, penetration testing, bug bounty, risk analysis, vulnerability research, ethical hacking, white hats, DevSecOps, security code review, and Startup Security

Locations

Employees at PreCog Security, Inc.

Updates

  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Extra extra - read all about it 🗞️ on Mark’s “Threat Thursday” post 📰 #socialsecuritynumber

    View profile for Mark Vesic, graphic

    Sales Engineer/Security Researcher at PreCog Security

    🚨 BREAKING: Threat Thursday - A hacker group claims to have every American's Social Security Number! 😱 Imagine waking up to find your most sensitive information floating on the dark web. This isn’t a nightmare; it's a reality that could impact millions. In my latest article, I dive into the details of this massive breach, its potential risks, and the urgent steps you must take to protect yourself right now. Don’t wait—your financial future could depend on it. #cybersecurity #finance #fraud #technology #consulting

    Hacker Group Claims to Have Every American's Social Security Number: What You Need to Know

    Hacker Group Claims to Have Every American's Social Security Number: What You Need to Know

    Mark Vesic on LinkedIn

  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 23 - Crowdstrike and Microsoft Outage , the Value of Security Research Community 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments. The community of researchers studying cybersecurity is diverse and spreadout globally, with members employing a number of approaches and theoretical frameworks to investigate a broad range of research issues. Among their tasks may be examining digital technologies and procedures to find possible weaknesses and creating strategies to communicate that information to the public and business sector. In the case of zero-day attacks or massive outages - security researchers are among the first ones to alarm and respond with remediation. One of our own researchers Marko Živanović provided necessary steps to remediate the outage. When scheduling next penetration test - learn how Incident Response , Disaster Recovery and Business Continuity can help your organization minimize the impact of such outage in the future. Security First. #securityresearch #outage #pentest #securityriskassessment

    • No alternative text description for this image
  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 22 - Network Penetration Testing Overview “In 93 percent of cases, an external attacker can breach an organization’s network perimeter and gain access to local network resource.” (betanews) 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments Following previous discussion on web application and software penetration testing, we will now focus on Network Penetration Testing. Organizations conducting security risk assessments often adopt one of two approaches: testing their software/web applications or testing their network infrastructure. Regardless of the focus, security teams must adhere to the Penetration Testing Execution Standard (PTES), a framework developed by a consortium of security experts from organizations such as SANS and Tenable. Key Vulnerability Risks at the Network and Infrastructure Level During a network penetration test, the primary exploitable vulnerabilities we target include: • Password Vulnerabilities: This encompasses weak or default passwords, password sharing, and password reuse. • Patching Issues: Identifying outdated and unpatched servers and applications that could be exploited. • Network Misconfigurations: Examining open ports, firewall settings, router and switch configurations, intrusion detection/prevention systems, and wireless network security. Penetration Testing Process The penetration testing process follows a structured methodology: 1. Planning: Defining the scope and objectives of the test. 2. Intelligence Gathering: Collecting information about the target network. 3. Vulnerability Identification: Detecting potential security weaknesses. 4. Exploitation: Attempting to exploit identified vulnerabilities. 5. Risk Analysis: Evaluating the impact of exploited vulnerabilities. 6. Reporting: Documenting findings and providing recommendations. 7. Mitigation: Implementing measures to address identified risks. We are committed to defending your network. DM PreCog Security Inc. or email us at office@precogsecurity.com to schedule your next penetration test. #cybersecurity #pentest #riskmanagement

    • No alternative text description for this image
  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 21 - Open Web Application Security Project (OWASP) 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments. With threats and devastating cyber attacks growing at an alarming rate it is important to rely on the cybersecurity research community to assist in strengthening your systems. The Open Web Application Security Project (OWASP) is a non-profit organization founded in 2001, with the goal of helping website owners and security experts protect web applications from cyber attacks. OWASP has 32,000 volunteers around the world who perform security assessments and research. Our own security researcher Mark Vesic highlights in his Threat Thursday article that OWASP top 10 and its standards are there for every organization to follow, especially in the case of web application security. OWASP standards: 1. OWASP Top Ten A list of the ten most critical web application security risks: • Injection • Broken Authentication • Sensitive Data Exposure • XML External Entities (XXE) • Broken Access Control • Security Misconfiguration • Cross-Site Scripting (XSS) • Insecure Deserialization • Using Components with Known Vulnerabilities • Insufficient Logging & Monitoring 2. OWASP ASVS (Application Security Verification Standard) A framework for specifying and assessing application security requirements. 3. OWASP SAMM (Software Assurance Maturity Model) A model to help organizations assess and improve their software security practices. 4. OWASP Testing Guide A comprehensive guide to testing web application security. 5. OWASP Proactive Controls A list of security techniques for developers to prevent security issues. 6. OWASP Mobile Security Project Resources for securing mobile applications, including the Mobile Top Ten risks. 7. OWASP Code Review Guide Best practices for reviewing the security of source code. 8. OWASP Cheat Sheet Series Concise guidance on various aspects of application security. 9. OWASP Development Guide Guidelines for building secure web applications. 10. OWASP API Security Project Focuses on securing APIs, including the API Security Top Ten risks. These standards help organizations prioritize and implement security measures for web applications. If you are an organization looking to perform software security assessment and penetration test feel free to DM us or send email to: office@precogsecurity.com Security First. #webapplicationsecurity #pentest #owasp

    • No alternative text description for this image
  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 20 - Cloud Security Assessment 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments. Cloud computing is indispensable for businesses, but it introduces significant security challenges. Understanding vulnerabilities and adopting robust strategies are crucial to safeguard data and applications residing in cloud. Common Vulnerabilities: • Misconfigured Settings: Expose sensitive data to unauthorized access. In 2023, 19% of cyberattacks exploited misconfigurations (IBM). • Insecure APIs: Can be entry points for attacks if not properly secured. • Data Breaches: The average cost was $4.45 million in 2023 (Ponemon Institute). • Insider Threats: Employees with access can cause security breaches. • Lack of Visibility: The distributed nature of cloud services can obscure control. Key Strategies for Cloud Security • Regular Security Assessments: Conduct vulnerability scanning and penetration testing. • Strong IAM Practices: Implement multi-factor authentication, role-based access control, and least privilege principles. • Secure APIs: Use strong authentication, encryption, and regular testing. • Encrypt Data: Protect data at rest and in transit with robust protocols. • Monitor and Audit Activity: Continuous monitoring helps detect suspicious behavior. • Update and Patch Systems: Regularly apply security patches. • Educate Employees: Conduct training programs on cloud security best practices. • Use CSPM Tools: Automate risk identification and mitigation. If you are an organization looking to perform cloud security assessment and penetration test feel free to DM us or send email to: office@precogsecurity.com Security First. #cloudsecurity #cloudsecuritytesting

    • No alternative text description for this image
  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 19 - Vulnerability Scan vs Penetration Testing 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments. Too often cybersecurity companies are positioning vulnerability scans as penetration testing and thus stopping short to provide full value to the end user. Our penetration testing team simulates a hacker attempting to get into a business system through hands-on research and the exploitation of vulnerabilities. Our security researchers and analysts (ethical hackers) search for vulnerabilities and then try to prove that they can be exploited. Using top ten OWASP methods like remote code execution, buffer overflow, SQL injection, our experts attempt to compromise and extract data from the systems in a non-damaging way while communicating with client’s security teams and assisting in remediation process. Differences in Vulnerability Scan and Penetration Testing are listed below: Automation (Vulnerability Scanning) vs. Manual Testing (Penetration Testing) • Vulnerability scanning relies entirely on security scanning tools, so it’s completely automated in its assessment. The scan casts a wide net over the entire network. Most regulations will find vulnerability scan as incomplete security risk assessment and not satisfactory. • Pen testing involves a combination of automated tools and manual testing from experienced ethical hackers and security experts to find the exploits and vectors of the attack. Most regulations are asking for full pen test beyond vulnerability scan. Exploiting Found Vulnerabilities • Vulnerability scanning only aims to discover vulnerabilities, not to exploit them. This can result in large amounts of false positives. • Pen testing exploits vulnerabilities it finds, it aims to assess the strength of the security posture. Since pen testing also relies on creative enumeration tactics and techniques to exploit the systems, the penetration testers may discover a zero-day vulnerability in the process and vulnerabilities that pertain to specific systems and web applications. If you are an organization looking to perform Security Risk Assessment and penetration test please DM us or send email to: office@precogsecurity.com Security First. #penetrationtesting #pentest #securityriskassessment

    • No alternative text description for this image
  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 18 - Third Party Risk Management (Case of UK Ministry of Defense) 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments. Last week the “UK Ministry of Defence” (MoD) experienced an unprecedented cyber breach , deemed in some circles and the “act of war” by what it seems nation state sponsored attack. Per our security threat researcher Mark Vesic Threat Thursday post - this attack came through a third party payroll software system. “The breach was first identified when unusual activity was detected on the MoD’s external payroll system, operated by a government contractor. The attackers accessed sensitive information, including names, bank details, and in some cases, addresses of active, reserve, and veteran defense personnel. The exact number of affected individuals has not been disclosed, but it is believed to be in the thousands.” Furthermore: “Upon discovery, the MoD took swift action by taking the compromised system offline to prevent further unauthorized access. A multi-point plan was announced to support and protect the affected personnel, including specialist advice and access to personal data protection services. The MoD is also reviewing its cybersecurity protocols and working with the contractor to strengthen the system’s security.” This attack and future ones are strengthening the case of supply chain protection. One of the ways that large organizations (meaning your clients) will strengthen the supply chain protection is mandatory Security Risk Assessment (penetration testing) by all vendors. “Gartner Inc. projects that 45% of global organizations will experience a supply chain attack by 2025—three times higher than in 2021—making safeguarding software supply chains more important than ever.” If you are an organization looking to perform Security Risk Assessment and penetration test please DM us or send email to: office@precogsecurity.com Security First. #securirtyriskassessment #thirdpartyriskmanagement #pentest #ukministryofdefence

    • No alternative text description for this image
  • View organization page for PreCog Security, Inc., graphic

    311 followers

    Week 17 - Tycoon 2FA Shatters MFA 2024 has 52 weeks - for each week (total of 52 posts) we will raise the awareness of the importance of regular (annual or quarterly) penetration tests and security risk assessments. According to our own Security Researcher Mark Vesic and his Threat Thursday report: “Tycoon 2FA represents a new era of threats that sidestep conventional defenses. This Adversary-in-The-Middle (AiTM) phishing kit has quickly gained notoriety for its ability to bypass multi-factor authentication (MFA) processes, targeting vital platforms like Microsoft 365 and Gmail.” Attackers distribute malicious links or QR codes via email. • A security challenge, such as Cloudflare Turnstile, is used to filter out bots, ensuring only human interactions proceed. • Victims are redirected to a phishing site that mimics a legitimate service, like Microsoft 365 or Gmail, with background scripts customizing attacks based on the victim's email extracted from the URL. • A fake login page captures the victim's credentials. • The phishing kit then presents a counterfeit 2FA challenge, capturing the 2FA token or response. • Using a reverse proxy server, the attacker's server intercepts these inputs, relaying them to the legitimate service. This allows the attacker to capture session cookies, effectively bypassing MFA. • Stolen session cookies enable attackers to replay a user's session, maintaining access even if credentials are changed. 1. Education: Train users to identify phishing emails and refrain from clicking on suspicious links. Emphasize the importance of verifying the authenticity of links and QR codes before engaging. Highlight that MFA, while effective, is not infallible and should not lead to complacency. 2. Enhanced security measures: Implement FIDO2 MFA for hardware-based authentication, offering a robust defense against the bypassing capabilities of Tycoon 2FA. Regularly update security software and activate additional features like alerts for unusual login attempts. Utilize behavioral analytics to monitor for abnormal login patterns and swiftly flag any suspicious activities. 3. Collaboration: Encourage collaboration and the exchange of threat intelligence within the cybersecurity community to bolster collective defenses against Tycoon 2FA and similar threats. Perform regular Security Risk Assessment to ensure all the security measures are in place. If you are an organization looking to create customized Security Risk Assessment please DM us or send email to: office@precogsecurity.com Security First. #tycoon2fa #securityriskassessment

    • No alternative text description for this image

Similar pages

Browse jobs