September 15, 2023
Deciphering Shadows: Insights and Observations from the MGM Breach
On September 12, 2023, the world woke up to the news of another significant cyber-attack, this time on MGM Resorts International, a renowned name in the hotel and casino industry. The incident affected their operations across various locations, including iconic Las Vegas.
September 5, 2023
A Mindset Shift for Cloud Security Resilience: Assume Breach
Cloud environments offer tremendous advantages in agility, scalability, and cost efficiency.
May 24, 2022
Lessons Learned from WannaCry: Are We Ready for Another Global Attack?
Five years ago, the WannaCry ransomware cryptoworm targeted computers running Microsoft Windows, encrypting data at organizations around the world. The attackers demanded a ransom of just $300 worth of bitcoins within three days or the files would be permanently deleted. The cryptoworm leveraged the EternalBlue exploit, which the National Security Agency developed to attack older Windows systems.
May 16, 2022
Cyber Resilience - Why & How to Start Building It In Your Organization
Cyber resilience is the ability of an organization or entity to continue to deliver services or solutions even in the face of adverse cyber events, such as cyberattacks. Cyber resilience combines elements of information security, business continuity, and organizational resilience.
March 7, 2022
Ready or Not: Russian Attack on Ukraine Brings Global Cybersecurity Impacts
The Russian military strategy is often described as a strategy of “active defense.” This means that their strategy includes both the preventative measures taken before a conflict breaks out and the tenets for conducting the war.
February 11, 2022
The ultimate cybercriminal gift list: undisclosed zero-day vulnerabilities
Over the last few months, everyone has been busy patching, seeking to close the loophole most learned about when a patch was released for Log4j 2.15.0 for Java 8 users to address the remote code execution vulnerability CVE-2021-44228, a previously undisclosed zero-day vulnerability.
February 4, 2022
Rethinking zero-day vulnerabilities vs. one-days to increase readiness
Because zero-day vulnerabilities are announced before security researchers and software developers have a patch available, zero-day vulnerabilities pose a critical risk to organizations as criminals race to exploit them. Similarly, vulnerable systems are exposed until a patch is issued and applied.
December 21, 2021
Crown Jewels Analysis — A Risk Of Bias
Organizations have widely adopted the Crown Jewels concept in their efforts to build cost-effective cybersecurity strategies and plans in the ever-growing world of risks and challenges. However, the Crown Jewels concept could undermine the chances of effectively detecting, reacting to and recovering from a cyber-attack. It is time for the adoption of new concepts and new methodologies.
October 28, 2021
Patches are not enough for VMware vCenter Server and Cloud Foundation vulns
If you are using either vCenter Server or Cloud Foundation, you must declare an emergency and treat it like you have already been compromised. These critical vulnerability disclosures do not offer a quick and easy patch, and patching alone is not enough.
October 7, 2021
Learn how ransomware attacks have changed - and how response needs to, too
Ransomware keeps hitting the news these days, filling headlines with stories about organizations struggling with disabled IT systems, inaccessible patient data, unavailable Wi-Fi, and general confusion. Today, organizations are facing an evolving threat, modern ransomware, also called double extortion ransomware.
November 27, 2020
Step 1: Phish Mitiga. Step 2: Get Your Phishing-as-a-Platform Dissected by Mitiga
A few weeks ago, one of Mitiga’s employees received an email phishing for credentials. Instead of just laughing it off, our team decided to use their lunch breaks to analyze it. What we found indicates a sophisticated phishing platform that uses AWS and Oracle infrastructure to phish Office 365 email accounts.
Microsoft Storm-0558 SaaS Breach: Hunting for Stealth Espionage Attacks
In an ever-changing cyber landscape, the recent exploit by the China-based threat actor Storm-0558 highlights the need for constant vigilance. The threat actor exploited a compromised encryption key (MSA key) to target Microsoft Exchange Online, forge access tokens, manipulate the token verification process, and extract unclassified data from victim mailboxes.
Ready, Set, Respond: Ensuring Compliance with the SEC Reporting Regulations
The Securities and Exchange Commission (SEC) of the United States has adopted new regulations that require public companies to disclose material cybersecurity incidents within four days. On the positive side, this initiative seeks to increase transparency and safeguard investors against potential cybersecurity risks.