Category: Company

  • Phishing with GIFShell in Microsoft Teams

    Phishing with GIFShell in Microsoft Teams

    People love GIFs. We add them to emails, texts, tweets, and Slack chat groups all day long as we chat away with co-workers, friends, and family. We use them as a communication tool to show emotion and convey a tone when a plain text message might fall flat. If a picture says a thousand words,…

  • Hackers scan for CVEs in 15 minutes (or your pizza is free)

    Hackers scan for CVEs in 15 minutes (or your pizza is free)

    Car parking lots notoriously attract thieves. With plenty of cars lined up next to each other, all a thief has to do is scan the vehicles as he walks up and down the rows, looking for an open window, a door left ajar, or expensive items left out in plain view. It’s almost too easy,…

  • Why Bad Actors are Transitioning to Rust

    Why Bad Actors are Transitioning to Rust

    Round and round we go. It’s the nature of cybersecurity. Hackers discover an exploitable attack avenue, and a patch is then created to block it, except it doesn’t end there. Hackers just find another vulnerability and the battle rages on. It’s not just cybersecurity companies that must constantly innovate to remain relevant. Hackers must do…

  • Legitimate Platforms Becoming not so Legitimate Playgrounds for Hackers

    Legitimate Platforms Becoming not so Legitimate Playgrounds for Hackers

    You would be hard pressed to come up with a more nostalgic image than a child running a lemonade stand in their front yard on a hot afternoon. Unfortunately, there is nothing nostalgic about what some young entrepreneurs are doing today.  A team of researchers recently uncovered a group of minors that were running what…

  • Phishing-Resistant MFA Proves Again That Weak Links Should Be Layered with Defense

    Phishing-Resistant MFA Proves Again That Weak Links Should Be Layered with Defense

    Cybersecurity is a constant game of the cat chasing the mouse. The cat (a business) continues to believe that with each new plan of attack (i.e., security strategy or tool), it will finally be able to catch the mouse or, in this case, harden its security posture enough to prevent the mouse (a bad actor)…

  • SOC1, SOC2, SOC3 – Understand What You Need

    SOC1, SOC2, SOC3 – Understand What You Need

    Why does your business need compliance to grow? SOC compliance is crucial for those in service organizations. There are various compliance standards and accreditations that your business can work towards and ascertain, such as ISO 27001, NIST 800-53, and FEDRAMP, just to name a few. But arguably the most widely recognized and respected is SOC,…

  • Hackers scan for CVEs in 15 minutes (or your pizza is free)

    Hackers scan for CVEs in 15 minutes (or your pizza is free)

    Car parking lots notoriously attract thieves. With plenty of cars lined up next to each other, all a thief has to do is scan the vehicles as he walks up and down the rows, looking for an open window, a door left ajar, or expensive items left out in plain view. It’s almost too easy,…

  • Why Bad Actors are Transitioning to Rust

    Why Bad Actors are Transitioning to Rust

    Round and round we go. It’s the nature of cybersecurity. Hackers discover an exploitable attack avenue, and a patch is then created to block it, except it doesn’t end there. Hackers just find another vulnerability and the battle rages on. It’s not just cybersecurity companies that must constantly innovate to remain relevant. Hackers must do…

  • Legitimate Platforms Becoming not so Legitimate Playgrounds for Hackers

    Legitimate Platforms Becoming not so Legitimate Playgrounds for Hackers

    You would be hard pressed to come up with a more nostalgic image than a child running a lemonade stand in their front yard on a hot afternoon. Unfortunately, there is nothing nostalgic about what some young entrepreneurs are doing today.  A team of researchers recently uncovered a group of minors that were running what…

  • Phishing-Resistant MFA Proves Again That Weak Links Should Be Layered with Defense

    Phishing-Resistant MFA Proves Again That Weak Links Should Be Layered with Defense

    Cybersecurity is a constant game of the cat chasing the mouse. The cat (a business) continues to believe that with each new plan of attack (i.e., security strategy or tool), it will finally be able to catch the mouse or, in this case, harden its security posture enough to prevent the mouse (a bad actor)…

  • SOC1, SOC2, SOC3 – Understand What You Need

    SOC1, SOC2, SOC3 – Understand What You Need

    Why does your business need compliance to grow? SOC compliance is crucial for those in service organizations. There are various compliance standards and accreditations that your business can work towards and ascertain, such as ISO 27001, NIST 800-53, and FEDRAMP, just to name a few. But arguably the most widely recognized and respected is SOC,…

  • Why a SOC Has Become a Top Requirement for Cyber Insurance

    Why a SOC Has Become a Top Requirement for Cyber Insurance

    It seems that everyone is trying to identify the next bubble to take some type of advanced action to avoid it or take advantage of it. Many of us have lived through more than one. There was the IT bubble at the start of the century followed by the housing bubble in 2008. Bubbles are…

  • Eternity Malware-as-a-Service: A Modular Tool Kit for Threat Actors

    Eternity Malware-as-a-Service: A Modular Tool Kit for Threat Actors

    An unknown threat actor is selling a new malware toolkit called Eternity Project. Cybercriminals can buy stealers, clippers, worms, miners, ransomware, and DDoS Bots for a few hundred dollars each. What’s most notable about this malware-as-a-service (MaaS) is that in addition to being available on a TOR website, the hacker behind it is brazenly promoting…

  • REvil TOR sites back in action with new ransomware (RaaS) operations 

    REvil TOR sites back in action with new ransomware (RaaS) operations 

    Has REvil re-emerged? That’s the question on everyone’s mind and the topic that’s got the cyber community talking. After months of silence, REvil, the infamous presumed Russian-based ransomware gang, seems to be back online as of last week, with a new leak site promoted on RuTOR. The hacker group’s old site, Happy Blog, has returned,…

  • Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data

    Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data

    Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data Traced back to January of this year, Okta, a publicly traded identity and access management company announced yesterday that it has been impacted by a cyber-attack claimed by the data extortion group Lapsus$. Okta and Lapsus$ disagree regarding the success of the breach, while companies like Cloudflare…

  • Threat Actors Using Omicron COVID-19 Phishing Lures

    Threat Actors Using Omicron COVID-19 Phishing Lures

    Over the last few weeks, threat actors have been launching phishing scams which leverage people’s fears and anxieties over the Omicron COVID-19 variant. The scams either inject the Dridex banking malware into a victim’s computer or other malware that collects passwords, credentials, and personal or financial data. Informing all employees about the threat is the…

  • Log4Shell hits big players with critical 0-day exploit

    Log4Shell hits big players with critical 0-day exploit

    [Last updated Dec. 19, 2021] A recently discovered Log4j vulnerability (Log4Shell, CVE-2021-44228) in the Apache utility that allows unauthenticated remote code execution (RCE) and server take over is said to be exploited in the wild. Due to how widely used the Apache tool is, affecting companies such as Amazon, Apple, Cisco, Steam, Tesla, Twitter, and many…

  • Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Federal and state legislation say surprisingly little about how ordinary American businesses should manage their cybersecurity. However, financial services and insurance firms are not ordinary businesses. Because of their tendency to deal with sensitive personal data such as social security numbers, bank accounts and tax records, financial services and insurance firms are subject to a…

  • The Functionality of a SOC in a Red Team vs. Blue Team Exercise

    The Functionality of a SOC in a Red Team vs. Blue Team Exercise

    Cybersecurity is a critical component of every business around the world, regardless of size or industry, with the SOC being a key component during the detection and incident response phase. Red Team vs. Blue Team Cybersecurity in a Nutshell The Blue Team stands at the core of Cybersecurity. The foundational elements established in the Blue…

  • How Can a Cloud-Based SOC Help You Detect Internal Threats?

    How Can a Cloud-Based SOC Help You Detect Internal Threats?

    Businesses worldwide are continuously at risk from external threats which are looking for a way in, be it by phishing or vulnerabilities. Once they enter your infrastructure or software, they can then use it to pivot and move into sensitive data, stealing it, or destroying it to obtain a profit. Internal threats have increased rapidly…

  • Taking Ownership on Safer Internet Day

    Taking Ownership on Safer Internet Day

    Where would the world be without the Internet?  The Internet allows us to access massive amounts of information in seconds, connect with people all over the globe, educate ourselves on any topic we want, work and collaborate remotely, sell and buy from–and do countless more things that would have been unimaginable just 30 years ago. …

  • Why a Tech Agnostic Cybersecurity Vendor is Critical in 2022

    Why a Tech Agnostic Cybersecurity Vendor is Critical in 2022

    Animal Crossing: New Horizons took the world by storm during the pandemic, selling more than 13 million copies in just six weeks. The game was splashed across the news, captivating users stuck at home with limited entertainment options. Nintendo and Nintendo Switch owners welcomed the game’s release, but Xbox users were left out in the…

  • The RDP attack, from advanced solution to attack vector nightmare

    The RDP attack, from advanced solution to attack vector nightmare

    When businesses shifted to remote work at the beginning of the coronavirus pandemic, they had the good fortune of being able to turn to an old solution to keep productivity high–the Remote Desktop Protocol (RDP). Microsoft released the protocol in 1998, but it wasn’t until the pandemic that many businesses realized its usefulness. Naturally, the…

  • Happy Holidays? Not if Hackers Have Their Way

    Happy Holidays? Not if Hackers Have Their Way

    Cybercriminals are savvy, calculating, and methodical. Like any good thief, they do their homework, investigating potential targets, stalking them to track habits, and identifying weak entry points. They are also patient, waiting for the perfect time to launch an attack. Attackers hit the hardest when defenses are at their lowest. More often than not, that…

  • 5 Types of Cybersecurity Your Organization Needs

    5 Types of Cybersecurity Your Organization Needs

    Businesses don’t often compare themselves to nations, but they have at least one important thing in common – the need to handle threats across multiple spheres or environments. Nations must be on constant alert to security threats from land, air, sea, space and – increasingly – cyberspace. Depending on the complexity of your cyber infrastructure,…

  • Proactive vs. Reactive Cybersecurity

    Proactive vs. Reactive Cybersecurity

    Many businesses already spend a great deal on cybersecurity but are still inadequately prepared, and the solution often lies in their general approach. Reactive and proactive cybersecurity follow different approaches and offer unique benefits, and these two approaches also require different processes and tools to maximize cybersecurity.   Which of these security approaches is more effective for your business?…

  • 5 Commonly Overlooked Signs of a Hack

    5 Commonly Overlooked Signs of a Hack

    There are security system rules configurations that can indicate these threats, so if you see any one of these, there is a good chance that your system has been compromised somewhere along the way. Someone else is reading your emails! (The Windows Outlook Hack) If you use Microsoft Outlook for your emails, your emails can…

Sign Up for Updates