Google TAG team reports: Nation-State attacks can happen to anyone
Early last week Google’s Threat Analysis Group (TAG) posted a blog outlaying a nation-state attack targeting security researchers. Using social engineering and social media these threat actors were able to create “credibility” within the industry. They claimed false credit for vulnerabilities and interacted with researchers under the guise of wanting to “collaborate” with them on new […]
Cyber Threats in 2021: What to watch out for
December 2020 was a massive month in cybersecurity. Between SolarWinds, FireEye, and Microsoft, every cyber professional was on edge, and we can expect to see our fair share of notable cyber threats this year as well. So what can we do about it? Our nation-state grade cyber defense experts pulled their heads together to bring […]
The 12 Days of Security
We are all familiar with the (verrrrrry long) holiday favorite 12 Days of Christmas. While security goes WELL beyond 12 days, we wanted to share 12 of our resources to help you in your cyber defense journey this holiday season. https://youtu.be/sdJq7sUPgP8 A Weekly Cyber Breakdown Every week our team uses an AI engine to pull […]
SolarWinds: Preventing and Hunting other MSP Attacks
The SolarWinds breach has again exposed the trusted supply chain as a favored method of cyber-attack. Nation-state level threat actors compromised its software updates in order to rollout backdoor access among its customer base. The network management and monitoring powerhouse has upwards of 300,000 customers across enterprise and government, so the potential fallout from this […]
Red Team vs. Blue Team: Discussing the Divide
Peter Cohen, Managing Director, EMEA Red Team vs Blue Team– most people in cybersecurity agree that the gap between the two sides of the industry remains vast. Red-teams work with potent combinations of creativity, training, research, and industry kudos. This is just as well if they are to replicate the kind of attacks seen in […]
FireEye Breach: What to Know
Who is FireEye? FireEye provides cybersecurity products (endpoint and network) to detect and prevent against advanced threats. A few years ago FireEye bought Mandiant, one of the world’s premier cybersecurity consultancies, particularly in Incident Response. Together, the product and consulting business has had success worldwide and has several government contracts including in the US. What […]
Bringing Security into Compliance
Security teams are already overwhelmed with keeping up with threats and protecting the network and the data that flows within it. Especially when working in a highly regulated industry such as finance, healthcare, or utilities, it can be a real challenge to keep up with all the changes in regulation. What’s wrong with compliance? We […]
The State of the Nation: Incident Report in the U.K.
“Phishing incidents are up 56% between 2019 and 2020, and hardware/software misconfigurations are up 44%.” We are all familiar with the Verizon Data Breach Report: it’s a guidebook on where the cyber world is with incidents globally. While this is an invaluable asset to the industry each part of the world has their own nuances […]
Crafting an Effective Risk Register
Risk is much more than a report shown to the board every quarter. It’s a major point of discussion for any CISO regardless of industry, and not just on the mitigation side. The ability to effectively assess risk is a critical part of any program – but it has to be done realistically. The Challenges […]
Social Engineering: Training your way around the threat
Why is social engineering one of the most widely discussed topics in security? Because it’s one of the most effective offensive tactics, and an inherently human discussion. It’s a concept that is easily understood because it largely plays on emotion. Whether it be fear, compassion, or anger that is used, we can fundamentally understand why […]
