Risk Management June 14, 2023

CISA’s known vulnerabilities impact 15M public services

4 min read - CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative source of information on past or currently exploited vulnerabilities. In a new report, the Rezilion research team analyzed vulnerabilities in the current KEV catalog. The results revealed a whopping 15 million…

News June 7, 2023

Protecting against remote monitoring and management phishing

3 min read - You use remote monitoring and management (RMM) software to closely monitor your cyber environment and keep your organization safe. But now cyber criminals are specifically targeting these tools, causing legitimate software to become a vulnerability. This is the latest type…

Risk Management May 18, 2023

HEAT and EASM: What to know about the top acronyms at RSA

4 min read - The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the…

Incident Response May 1, 2023

How Morris Worm command and control changed cybersecurity

4 min read - A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable…

Incident Response March 14, 2023

Breaking down a cyberattack, one kill chain step at a time

4 min read - In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain…

News November 30, 2022

Abuse of privilege enabled long-term DIB organization hack

2 min read - From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit…

Intelligence & Analytics March 16, 2022

IOCs vs. IOAs — How to Effectively Leverage Indicators

4 min read - Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs)…

Intelligence & Analytics May 13, 2021

What is SIEM and how does it work? The past, present and future

7 min read - Security information and event management (SIEM) solutions provide organizations centralized visibility into their IT and even sometimes OT environments. At a high level, a SIEM turns data into actionable insights by: Ingesting a vast amount of event data from across…

Intelligence & Analytics April 16, 2021

Combating Sleeper Threats With MTTD

6 min read - During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019.…

Incident Response February 10, 2021

Smell the Attack? Sensory-Immersive Cyber Range Training for Industry 4.0

7 min read - Humanity has been through a number of industrial revolutions since the 1760s, and is now at its fourth cycle of sweeping industrial innovation, known as Industry 4.0. It is characterized by the ongoing automation of traditional manufacturing and industrial practices…