Log4j, GitHub Repositories, and Attack Surfaces
Numerous security practitioners and software development teams often utilize public repositories in their daily roles. The goal of these public repositories is to help teams collaborate on improving coding, fixing vulnerabilities, and support building high-quality software for companies. Two of the most popular types of these repositories are Log4j and GitHub. These two repositories have been […]
The Typology of Illicit Telegram Channels
Cybercriminals seem to always be looking for new and innovative ways to commit their crimes more efficiently. In the past, the dark web and parts of the deep web were some of the most common places where you can find cybercriminals committing their schemes. However, many criminals have moved over to more secure online messaging […]
Flare’s Coming Soon to a Town Near You: See You at RSA and BSidesSF!
Flare is heading to San Francisco later this month for RSA and BSidesSF. These are the first events where we’ll live demo our AI Powered Assistant! We can’t wait to show you how we’re leveraging large language models to enable streamlining threat detection and response, prioritizing important information, and accessing multilingual cyber threat intelligence. Flare […]
The Same Flare Cybersecurity: Now at Flare.io! (Goodbye Flare.Systems)
At Flare, our mission has always been to democratize cybersecurity and empower organizations to defend themselves against and stay ahead of ever-changing cyber threats. We began this journey in 2017, and have been carefully monitoring the clear and dark web for cyber risks to protect our customers across different industries. Over the years, we’ve evolved […]
Diamond Model of Intrusion Analysis: A Quick Guide
Any intrusion into a network calls for a thorough analysis to give security teams cyber intelligence about different threats and to help thwart similar future attacks. However, effective incident analysis has long been held back by uncertainty and high false positive rates in intrusion detection systems that lead to slow threat mitigation. The diamond model […]
Automating Your Red Team Approach: A Quick Guide
Your organization may be prepared for an attack. You may have all the recommended security controls and your employees may be well-trained when it comes to avoiding social engineering attacks. You cannot truly be prepared, however, until you test your defenses. Traditionally, this is done by bringing in experts to hack your systems, discover the […]
Domain Hijacking: The Definitive Guide to Detection & Remediation
Today, your company website is a critical part of your business. From marketing to sales, you use your website to support your business objectives. In many cases, companies incorporate portals that deliver digital customer experiences, including online purchasing and communications. As a customer-facing reflection of your corporate brand, you focus on how it looks, how […]
Combo Lists & the Dark Web: Understanding Leaked Credentials
In today’s interconnected, cloud-based world, user credentials are the keys that grant entry to the house that stores an organization’s digital treasure. Just as burglars pick the lock on a physical house, cybercriminals use stolen credentials to gain unauthorized access to a company’s systems and networks. Similarly, cybercriminals can purchase high volumes of stolen credentials […]
Business Email Compromise: 3 Steps to Reduce Risk
Email has been a popular delivery of malware and risk for decades. Since the first phishing schemes 1990s, phishing techniques have only become more sophisticated in the decades since. It’s particularly popular among criminals now; since 2019, the use of phishing scams has increased by 300%. The reason for the increase? Despite the proliferation of […]
Threat Actor TTPs & Cyber Threat Intelligence
Intelligence-driven cybersecurity is proactive. And proactive cybersecurity drives better defenses by improving the ability to anticipate threats, increase situational awareness, and reduce attack surfaces. Today’s cyber threat landscape sees more complex and diverse threats than ever. Delving into the tactics, techniques, and procedures (TTPs) that adversaries use is a valuable source of cyber threat intelligence […]