Collaborate Disseminate
Malicious actors are increasingly exploiting legitimate tools to accomplish their goals, which include disabling security measures, lateral movement, and transferring files. Using commonly available tools allows attackers to evade detection. While cust… Continue reading Prevent attackers from using legitimate tools against you
Organizations follow a reactive approach to cybersecurity which is stifling their progress in demonstrating value and aligning with business outcomes, according to WithSecure. 83% of respondents surveyed in the study were interested in, planning to ado… Continue reading Outcome-based cybersecurity paves way for organizational goals
A new report for cybersecurity firm WithSecure suggests that most companies are investing in security solutions that are tactical and reactive, but not in line with strategic aims of an organization.
The post Cybersecurity unaligned with business goals… Continue reading Cybersecurity unaligned with business goals is reactive … and flawed: Study
We’ve been developing machine learning-based cybersecurity systems for many years and began developing automation for analysis in our labs in 2005. These early automation projects have since evolved into full-blown machine-learning frameworks. Si… Continue reading Malware and machine learning: A match made in hell
When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be devasting;… Continue reading Preventing corporate data breaches starts with remembering that leaks have real victims
US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy “state-sponsored” ransomware on hospitals and other organizations that can be c… Continue reading North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations
If there’s one thing people will remember about AI advances in 2022, it’ll be the advent of sophisticated generative models: DALL.E 2, Stable Diffusion, Midjourney, ChatGPT. They all made headlines – and they will change the way we wo… Continue reading Generative AI: A benefit and a hazard
It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organizations need to be more pragmatic when it comes to remediating vulnerabi… Continue reading Understanding your attack surface makes it easier to prioritize technologies and systems
The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic encryption might not be enough. For organizations, deciding what email encryp… Continue reading Why encrypting emails isn’t as simple as it sounds
When people find out that I’ve spent much of my career being hired by companies to steal their secrets, they usually ask, “Are we doing enough? Do we need a red team?” The latter is not a question with a simple “yes” or “no” answer. Many companie… Continue reading Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one color