Noise Reduction and Prioritisation: One Size Does Not Fit All
One man’s trash is another man’s treasure, what one considers undesirable is likely specific to the listener. Or, at least, that is the unwritten rule in several situations, one of which seems to have so far been the threat landscape monitoring tools industry. The endless war against alert fatigue In the infosec community, talking about […]
Malicious Actors Show Increased Interest in Information Theft
The evolution of malicious actors over the last four decades has shown that greed is greatly responsible for most of the cybersecurity incidents we keep witnessing. While in the 1980s virus authors sought to experiment, and erase data, the same breed of malicious actors now seek, in many cases, mostly one thing: information. Credential Stealing […]
Major Hack Jeopardizes Future of Dark Web Marketplaces
Over the past week, an unknown malicious actor launched perhaps the biggest phishing attack against dark web marketplaces. This attack created havoc among their participants, and further questioned the very business model of dark web marketplaces. What happened, why is it significant, and what does this mean for the near future? The Hacking of Dark […]
How to Mitigate the Risks of Token Leaks
Access tokens are used in token-based authentication and allow users to access a website, an application or API. After verifying their identity, the user has no need to re-enter their credentials for the lifetime of the token, as the token serves as their entry ticket. When they are created, tokens are granted a defined scope […]
Private forums increase transmission of knowledge by malicious actors
Malicious actors use online discussion forums to facilitate the exchange of knowledge, often out of the public’s eye. In this blog, we study the transmission of knowledge that takes place on public and private forums. This leads us to question how the participant selection mechanisms of forums influence the transmission of knowledge. This transmission is […]
How Prepared Are CISOs for Cloud Security Risks?
Since the COVID-19 pandemic started, remote teams have increased reliance on cloud communication and team collaboration services. Although there was interest in cloud adoption far before the pandemic hit, industry research has found that 9 out of 10 organizations have since rushed to adopt cloud services. While this spawns tremendous scalability opportunities, cloud migration may […]
Business of Sending Spam
While malicious actors have developed countless attack methods, spam remains to this day a significant threat vector for companies. The most recent statistics on spam are indicative of the danger that spam poses: 95% of all attacks targeting enterprise networks are caused by successful spear phishing. A single spear phishing attack results in an average […]
Why your team should be concerned about leaky buckets on the internet
Since its inception in March 2006, AWS cloud storage option, also referred to as S3 (Simple Storage Service), has generated keen interest due to its low maintenance and configuration, high availability and “pay as you go” accessible pricing. Microsoft jumped on the bandwagon by formally launching its own cloud services in 2010, maintaining ever since […]
What kind of data could your PDF files be leaking online?
In the 2003 timeframe leading up to the Iraq war, a British government representative published a Word document on their website, containing information related to “Iraq’s security and intelligence organizations.” This information had been previously referenced by Colin Powel during a United Nations address. When the British dossier was made public, it was revealed the […]
All Is Fair In Darknet Wars
For anyone trying to collect data on the darknet, the last three years have been an incredible challenge. The dark net used to be a collection of simple marketplaces that could be easily indexed and crawled, though sometimes slowly because of the size of some of the markets. Alpha Bay, for example, had an estimated […]
