On September the 16th, Uber announced they experienced a major breach in their organization in which malicious actor was able to log in and take over multiple services and internal tools used at Uber. What are some of the logs that IR teams should be focusing on in their investigation?
Today’s CISOs and their collective security teams may well find they have wide-ranging considerations to factor regarding both current and next-generation threat detection and response tool investments. How can they make sense of today's threat detection and response buzzword landscape?
Mitiga investigated an attempted Business Email Compromise (BEC) attack. While the alertness of the involved parties prevented the fraud, the attack indicated that the attacker had access to sensitive information that could only be obtained by compromising a user in the organization.
Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) using Office 365.
Recent cloud-based attack headlines remain front-and-center in the cybersecurity community, adding to the relevance of analysis and guidance provided by Mitiga Co-Founder and CTO Ofer Maor in his recent BrightTALK Webcast, It's Getting Real & Hitting the Fan! Real World Cloud Attacks.
Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service is increased, and search for ways to exploit vulnerabilities and misconfigurations, so it is important to know how to hunt for threats in Google Workspace.
It isn’t just anti-virus blind spots that hinder cybersecurity team efforts to safeguard organizational assets from threat actors. Veteran incident management analysts will tell you many detection tools also have blind spots that can lead to incomplete investigations and incorrect conclusions.
In this blog, we will focus on the security and forensic aspects of Transit Gateway VPC flow logs and expand the way they can be used by organizations to respond to cloud incidents.
There is an accepted notion in some corners of cybersecurity that maintains “there is no peacetime.” For many of us, that is a daunting premise — as it discounts extensive CISO efforts to extend multi-year investments in cybersecurity tools, innovation, and resources to address ongoing cyberattacks focused on business services transitioned to cloud and SaaS platforms.