COVID-19 has people suddenly working from home, but there are attackers seizing on the opportunity to compromise virtual networks.

Significant Volume of Brute Force Attempts Against Ingress Authentication Sources In the past 72 hours there has been a significant volume of brute force attempts against various ingress authentication sources (like o365 or VPN solutions). We have seen this across all of our customers and that this activity is both typical for this time of… Read more »

Revisiting the Security Threats That Marked 2019 and How They Were Managed Wow, what a year it has been! Security attacks in 2019 were marked by a resurgence of Ransomware attacks, business email compromise (BEC) attacks, and the discovery of painful blind spots in existing security programs for our new, and in some cases older,… Read more »

Assessing the Successes (and Failures) of Organizations’ Information Security Orchestration and Automation Response Solutions As 2018 comes to a close, we must look at the information security and managed services trends already established this year, and those on deck for 2019. To get things going ahead of the new year, we thought we would share… Read more »

No, this blog post isn’t about the credit cards or identity theft. It’s about the tools that, as a security professional, you should keep stored in your “security wallet.” Like any tradecraft, security professionals should have a set of tools, in this case, applications, websites, and resources, that they keep on-hand. These items become your… Read more »

New System Vulnerabilities You Need to Know About Researchers have disclosed vulnerabilities in the way processors are handling memory management while data is traversing the central processing unit of your system. The latest update on these vulnerabilities can be found at this post from Project Zero. Vulnerability Details: What You Need to Know There are… Read more »

How to be Sure Your Security Solutions are Working for You–Not an Attacker.  Oh, what a year it has been! So far, 2017 has been full of mega breaches due to patching issues, more Internet of Things (IoT) related attacks, and ransomware causing organizations pain. While we had more events, the challenges from 2016 remain… Read more »

Carbon Black’s assertion that this only affects Cb Response: Carbon Black’s response to our post is just more validation of our findings. In general, vendors need to be more careful with how they handle customer data, even if it is an optional feature. As we stated in the blog post, we were unsure if this… Read more »

Carbon Black’s Cb Response product is one of the more popular endpoint detection and response (EDR) tools available in an ever-growing marketspace. However, as a function of how the tool is architected, it is also a prolific data leaker. This threat report blog will help security organizations understand how our vulnerability assessment experts harvested data… Read more »

The news that WikiLeaks released hundreds of documents revealing the CIA’s methods for hacking into smartphones and other Internet-connected devices has received global attention. So, what does the average person need to do to protect themselves if they are an Apple, Android or smart home gadget user? Some vendors have been proactive in publicly disclosing… Read more »