Blog
Sharing Mitiga’s latest threat intelligence and research, cloud IR insights, and company news
More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software signed by Amazon. Further investigation reveals that it communicated only with Amazon-owned IP addresses.
Ensuring Compliance with SEC Cyber Disclosure Rules
The SEC now requires public companies to disclose material cybersecurity incidents within 4 days. Stay informed by reading this article.
Why the Implementation of CIRA is so Important for Incident Response
Read our article on why Gartner’s CIRA security announcement is pivotal for incident response, driving innovation and improving cloud security strategies.
Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive
After gaining initial access to any platform, data theft (exfiltration) is one of the most common attack vectors used by threat actors.
Think You Have All the Cloud Forensics Data You Need? You Probably Don't
Logs are everywhere—the digital records of events and actions that have taken place in every hardware system, application and network. All of your digital environments generate a log of some form.
How Okta Passwords Can Be Compromised: Uncovering a Risk to User Data
Mitiga's research team uncovered a data risk to Okta users due to passwords that can be present in logs. This article outlines the risk and attack method.
Samsung Next Invests In Mitiga, Brings Total Funding to $45M
Mitiga, the cloud and SaaS incident response leader, today announced the completion of a Series A Round bringing total funding to $45 million led by ClearSky Security, with participation from Samsung Next and existing investors Blackstone, Atlantic Bridge and DNX.
Google Cloud Platform Exfiltration: A Threat Hunting Guide
If you’re wondering if the cloud era is here, you need only look at the latest stats. 67% of enterprise infrastructure is now cloud-based and 94% of enterprises use cloud services.1 It’s no wonder that public clouds like Google Cloud Platform (GCP) have become a new playground for threat actors. There is a lot to exploit.
Mitiga Security Advisory: Insufficient Forensic Visibility in GCP Storage
As part of Mitiga’s continuous research into cloud attacks and forensics, we have been examining potential data exfiltration techniques in GCP (Google Cloud Platform) and how to identify and investigate them. During this research, we discovered a significant forensic security deficiency in Google Cloud Storage that enables a threat actor to exfiltrate in a covert manner.
