Police officers, during a blackout, often check if a neighborhood has regained power by spotting the faint glow of doorbells. This tiny beacon of light, even in an empty house, indicates the restoration of electricity. Similarly, criminals employ surprisingly simplistic methods to identify potential targets. For instance, car thieves casually traverse streets, subtly lifting car…

Duck, duck, duck… goose! In the classic schoolyard game, the ‘it’ player walks around a circle of seated children, gently tapping their heads and calling them ‘duck.’ Tension builds with every tap until the player chooses an opponent by calling them ‘goose.’ The ‘it’ player runs around the circle and tries to slide into the…

Sun Tzu was a Chinese military strategist and general best known as the author of the immortal work, The Art of War, which is still studied and quoted to this day. Sun Tzu was a believer in preparedness prior to battle and believed that battles are often won prior to being fought. One of his…

In March 1831, James Honeyman and William J. Murray used forged keys to enter the City Bank of New York, emptying the vault of more than $245,000 in bank money. Boy, how times have changed! In the digital age, criminals don’t need to risk their safety by physically entering a bank. Why would they when…

Extortion is about leverage. The more leverage you can attain, the greater the chance that an extortion attempt will prove successful. A ransomware attack is a classic example of an extortion maneuver. A ransomware gang encrypts the systems and data repositories that an organization’s business operations depend on. At that point, everything grinds to a…

Let’s say you’re going on vacation next week to a foreign country. You need to know the weather so you can pack appropriately. You open a weather app, enter your destination, and see that it will be warm, but there’s a slight chance of rain, so you throw an umbrella into your bag. Behind the…

Police officers, during a blackout, often check if a neighborhood has regained power by spotting the faint glow of doorbells. This tiny beacon of light, even in an empty house, indicates the restoration of electricity. Similarly, criminals employ surprisingly simplistic methods to identify potential targets. For instance, car thieves casually traverse streets, subtly lifting car…

Duck, duck, duck… goose! In the classic schoolyard game, the ‘it’ player walks around a circle of seated children, gently tapping their heads and calling them ‘duck.’ Tension builds with every tap until the player chooses an opponent by calling them ‘goose.’ The ‘it’ player runs around the circle and tries to slide into the…

Sun Tzu was a Chinese military strategist and general best known as the author of the immortal work, The Art of War, which is still studied and quoted to this day. Sun Tzu was a believer in preparedness prior to battle and believed that battles are often won prior to being fought. One of his…

In March 1831, James Honeyman and William J. Murray used forged keys to enter the City Bank of New York, emptying the vault of more than $245,000 in bank money. Boy, how times have changed! In the digital age, criminals don’t need to risk their safety by physically entering a bank. Why would they when…

Extortion is about leverage. The more leverage you can attain, the greater the chance that an extortion attempt will prove successful. A ransomware attack is a classic example of an extortion maneuver. A ransomware gang encrypts the systems and data repositories that an organization’s business operations depend on. At that point, everything grinds to a…

Let’s say you’re going on vacation next week to a foreign country. You need to know the weather so you can pack appropriately. You open a weather app, enter your destination, and see that it will be warm, but there’s a slight chance of rain, so you throw an umbrella into your bag. Behind the…

Conti, one of today’s most prolific and profitable ransomware groups, launched an initial cyberattack against Costa Rica in mid-April. In recent weeks, the Russian-speaking Conti gang, or possibly an associated group called Hive, have stepped up the attacks and expanded the assault. After Costa Rica refused to pay the initial $10 million ransom or the…

An unknown threat actor is selling a new malware toolkit called Eternity Project. Cybercriminals can buy stealers, clippers, worms, miners, ransomware, and DDoS Bots for a few hundred dollars each. What’s most notable about this malware-as-a-service (MaaS) is that in addition to being available on a TOR website, the hacker behind it is brazenly promoting…

Has REvil re-emerged? That’s the question on everyone’s mind and the topic that’s got the cyber community talking. After months of silence, REvil, the infamous presumed Russian-based ransomware gang, seems to be back online as of last week, with a new leak site promoted on RuTOR. The hacker group’s old site, Happy Blog, has returned,…

Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data Traced back to January of this year, Okta, a publicly traded identity and access management company announced yesterday that it has been impacted by a cyber-attack claimed by the data extortion group Lapsus$. Okta and Lapsus$ disagree regarding the success of the breach, while companies like Cloudflare…

Over the last few weeks, threat actors have been launching phishing scams which leverage people’s fears and anxieties over the Omicron COVID-19 variant. The scams either inject the Dridex banking malware into a victim’s computer or other malware that collects passwords, credentials, and personal or financial data. Informing all employees about the threat is the…

[Last updated Dec. 19, 2021] A recently discovered Log4j vulnerability (Log4Shell, CVE-2021-44228) in the Apache utility that allows unauthenticated remote code execution (RCE) and server take over is said to be exploited in the wild. Due to how widely used the Apache tool is, affecting companies such as Amazon, Apple, Cisco, Steam, Tesla, Twitter, and many…

The cybersecurity kill chain, initially defined by Lockheed Martin, continues to be a general standard inside Information Security to describe how a malicious actor, internal or external, performs an attack. The cyber kill chain 7 stages are defined as: Reconnaissance – Identify vulnerabilities, improperly configured services, and obtain credentials through active or passive methods. Weaponization…

In the world of digital warfare, Artificial Intelligence is transforming the Security Operation Centers (SOC) to better respond to cybersecurity threats and attacks. Leveraging AI-Based security tools, such as CYREBRO’s SOC Platform, can provide integration features whereby you will be better able to detect and respond to cybercrimes without an in-house SOC team in place. …

Cybersecurity is a critical component of every business around the world, regardless of size or industry, with the SOC being a key component during the detection and incident response phase. Red Team vs. Blue Team Cybersecurity in a Nutshell The Blue Team stands at the core of Cybersecurity. The foundational elements established in the Blue…

Businesses worldwide are continuously at risk from external threats which are looking for a way in, be it by phishing or vulnerabilities. Once they enter your infrastructure or software, they can then use it to pivot and move into sensitive data, stealing it, or destroying it to obtain a profit. Internal threats have increased rapidly…

Over the past few decades, the business world shifted from filing cabinets overflowing with paperwork to a cloud-first approach where pen and paper are obsolete. Today we live in an almost limitless digital world that has afforded well-intentioned businesses with uncountable advantages. However, as our reliance on technology has grown, so too has the threat…

Have you ever hidden a house key under a doormat or flowerpot on your porch for a trusted friend to use on occasion? Have you ever made a copy to give to one of your neighbors to use in emergency situations when you are out of town?  Ever tape a key to your car underneath…

As if IT managers and CIOs didn’t have enough on their plates already, many are finding themselves with another heaping scoop of responsibility to manage: compliance. Various regulatory bodies set compliance requirements, which differ from country to country or even state to state in the US. For a company to be compliant, it must meet…

In today’s globalized economy, it’s easier than ever for businesses to operate in multiple locations, with many crossing borders to reach a broader customer base. While this can bring many benefits, it can also create significant challenges, particularly when managing IT and cybersecurity. As organizations increase their reach, they must work with service providers in…

In 1986, the United States enacted a vital piece of legislation known as the Computer Fraud and Abuse Act (CFAA) to address a rise in computer-related crimes. CFAA made many computer-based offenses illegal, including hacking, computer trespassing, unauthorized access to computers and computer networks, and using computers to commit fraud or access national security information.…

Businesses are facing an uphill battle when it comes to cybersecurity. The number of threat actors is multiplying daily, as are their skills and attacks. Simultaneously, security leaders, already dealing with staff and skills shortages, must do more with lower budgets. How can a business amp up its security in such turbulent times? In a…