0-Day No Longer Best Kept Secrets On The Internet
A 0-day is a software vulnerability that is unknown to its software maker. 0-days are perhaps the most valuable type of exploits out there simply because they can be used with an incredibly high chance of success, and often for an extended period of time. With no knowledge of a flaw, a software maker is […]
The Threat Landscape Post-COVID-19 and How You Can Address It
The Covid-19 pandemic has changed not only our perspective on life and work, but also cybersecurity strategy worldwide. The past nearly two years have prompted a shift to digitalization and extensive cloud migration, raising concerns about data security and integrity. Even before the pandemic started, industry reports had estimated that the market would “grow at […]
Noise Reduction and Prioritisation: One Size Does Not Fit All
One man’s trash is another man’s treasure, what one considers undesirable is likely specific to the listener. Or, at least, that is the unwritten rule in several situations, one of which seems to have so far been the threat landscape monitoring tools industry. The endless war against alert fatigue In the infosec community, talking about […]
Malicious Actors Show Increased Interest in Information Theft
The evolution of malicious actors over the last four decades has shown that greed is greatly responsible for most of the cybersecurity incidents we keep witnessing. While in the 1980s virus authors sought to experiment, and erase data, the same breed of malicious actors now seek, in many cases, mostly one thing: information. Credential Stealing […]
Major Hack Jeopardizes Future of Dark Web Marketplaces
Over the past week, an unknown malicious actor launched perhaps the biggest phishing attack against dark web marketplaces. This attack created havoc among their participants, and further questioned the very business model of dark web marketplaces. What happened, why is it significant, and what does this mean for the near future? The Hacking of Dark […]
How to Mitigate the Risks of Token Leaks
Access tokens are used in token-based authentication and allow users to access a website, an application or API. After verifying their identity, the user has no need to re-enter their credentials for the lifetime of the token, as the token serves as their entry ticket. When they are created, tokens are granted a defined scope […]
Private forums increase transmission of knowledge by malicious actors
Malicious actors use online discussion forums to facilitate the exchange of knowledge, often out of the public’s eye. In this blog, we study the transmission of knowledge that takes place on public and private forums. This leads us to question how the participant selection mechanisms of forums influence the transmission of knowledge. This transmission is […]
How Prepared Are CISOs for Cloud Security Risks?
Since the COVID-19 pandemic started, remote teams have increased reliance on cloud communication and team collaboration services. Although there was interest in cloud adoption far before the pandemic hit, industry research has found that 9 out of 10 organizations have since rushed to adopt cloud services. While this spawns tremendous scalability opportunities, cloud migration may […]
Business of Sending Spam
While malicious actors have developed countless attack methods, spam remains to this day a significant threat vector for companies. The most recent statistics on spam are indicative of the danger that spam poses: 95% of all attacks targeting enterprise networks are caused by successful spear phishing. A single spear phishing attack results in an average […]
Why your team should be concerned about leaky buckets on the internet
Since its inception in March 2006, AWS cloud storage option, also referred to as S3 (Simple Storage Service), has generated keen interest due to its low maintenance and configuration, high availability and “pay as you go” accessible pricing. Microsoft jumped on the bandwagon by formally launching its own cloud services in 2010, maintaining ever since […]
