Using CTI to Help Predict Vulnerability Exploitability

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Using CTI to Help Predict Vulnerability" with a light orange arrow pointing down.

In a world of increasingly powerful data analytics, security researchers continue to develop new uses for artificial intelligence (AI) and machine learning (ML). In security, predictive analytics offer insight into how a company should prioritize its activities. With more vulnerabilities detected daily, vulnerability management teams become overwhelmed, unable to patch or remediate everything all at […]

AlphaLock, Threat Actor Branding, and the World of Cybercrime Marketing

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "AlphaLock, Threat Actor Branding, and the World of Cybercrime Marketing" with a light orange arrow pointing down.

Threat actors are not a monolith in their approach to cybercrime. The popular perception is that threat actors steal information for the sake of it, while knowing and accepting that they are doing something wrong. However, some threat actors also justify their actions by promoting an image that their activity ethically advances the cause of […]

Ransomware in Context: 2024, A Year of Tumultuous Change

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Ransomware in Context: 2024, A Year of Tumultuous Change" with a light orange arrow pointing down.

2024 has started off dramatic shifts in the ransomware landscape. In December of 2023 international law enforcement took down the BlackCat leaks site, leading to the group removing all ethical restrictions for their affiliates and declaring all organizations in Western Europe and the United States viable targets to include nuclear power plants and childrens hospitals. […]

Threat Spotlight: Data Extortion Ransomware Threats

A navy background with the white text "Data Extortion Ransomware Threats"

Over the last few years, the ransomware landscape has changed significantly. Between 2022 and 2023, ransomware attacks increased by more than 100% year-over-year, with more attacks consisting of double and triple extortion. At a high level, the categories of ransomware can be defined as: Modern ransomware attacks are no longer a lone individual sitting at […]

Implement Continuous Threat Exposure Management: A Quick Guide for 2024

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Implement Continuous Threat Exposure Management." There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

This year, Gartner named “Continuous Threat Exposure Management (CTEM)” as one of the top trends for Optimizing for Resilience. This is a response to increasing attack surfaces and thus cybercrime, and is the approach that best suits the evolving threat landscape. Organizations’ attack surfaces have exponentially increased over the past few years largely due to […]

Modern Cyber Warfare: Crowdsourced DDoS Attacks

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Modern Cyber Warfare: Crowdsourced DDoS Attacks." There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

Over the past few years, politically motivated threat actors have increasingly gone online to find allies for their causes. While ten years ago most hactivism like this was anonymous, modern actors favoring certain political elements or governments leverage a broader ecosystem. Since Distributed Denial of Service (DDoS) attacks require little technical skill, they offer a […]

Initial Access Broker Landscape in NATO Member States on Exploit Forum

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Initial Access Broker Landscape in NATO Member States on Exploit Forum." There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

Initial access brokers (IABs) gain unauthorized access to the system then sell this access to other malicious actors. Based on a large sample of IAB posts on the Russian-language hacking forum Exploit.in (Exploit), IABs increasingly target entities within NATO member states, with research revealing recent activity in 21 of 31 countries. Additionally, access to organizations […]

Supply Chain Security and NIS2: What You Need to Know

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Supply Chain Security and NIS2: What You Need to Know." There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

The Network Information Systems Directive (NIS2) and its predecessor NIS focus on risk management for organizations. The EU states that the NIS is the first piece of EU-wide legislation on cybersecurity with the goal of achieving a high common level of cybersecurity across the member states. The NIS2 will be quite impactful, especially as it […]

Third-Party Cybersecurity Risk Management: A Short Guide for 2024

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Third-Party Cybersecurity Risk Management: A Short Guide for 2024." There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

Third-parties are an important part of your extended enterprise. They’re your vendors, your partners, and your suppliers. They provide some of your business’s most critical services: billing, data storage, or sales. Unfortunately, vendors and suppliers also come along with significant third party cybersecurity risk. Early in January, Gartner named third-party risk cyber management (TPCRM) a […]

NIS2 Compliance: Updated for 2024,  Complete Guide

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "NIS2 Compliance: Updated for 2024, Complete Guide" There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

The Network Information Systems Directive (NIS) was published in 2016 and required EU critical infrastructure sectors to meet basic cybersecurity compliance requirements. In October 2024 the second iteration of the Network Information Systems Directive (NIS2) will be going into effect, which will both substantially expand the number of entities required to be compliant in addition […]