Why passwordless is not always passwordless

The concept of passwordless authentication has been gathering steam. Gartner anticipates that by 2022, 60% of large and global enterprises will implement some sort of passwordless solution to enhance security. While these emerging authentication tools help reduce user friction, the perception that passwords will no longer be required is a little premature. These invisible security […]

Continue Reading

Hackers are leveling up and catching healthcare off-guard

Remember when ransomware operators promised last year not to attack hospitals under siege from COVID-19? Unfortunately, that didn’t happen: hospitality, entertainment, and retail locations were all shut down as COVID-19 spread, leaving ne’er-do-wells to look at industries that were still open for business. When attacking the healthcare industry, hackers are going beyond focusing on data […]

Continue Reading

Cyber investigations, threat hunting and research: More art than science

While it’s true that threat hunting, incident response, and threat research all have their foundations in science (operating system theory and architecture, computer language and compilation, protocols, hardware and memory architecture, logic, etc.), throughout my entire career I have found it is also fundamentally true that the most successful threat hunters, incident responders, and threat […]

Continue Reading

When exploit code precedes a patch, attackers gain a massive head start

Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security and Cyentia Institute has found. “This data-driven research, built over the course of several years, should remove any doubt,” said Ed Bellis, CTO of Kenna Security. “Practices that have long been […]

Continue Reading

Why threat hunting is obsolete without context

Cybersecurity is an undisputed concern within any industry – but how are organizations and businesses using the security data and information they collect to best ensure their businesses are protected from cyber threats? Threat hunting context According to PwC, 71% of U.S. CEOs said they are “extremely concerned” about cyber threats – ahead of pandemics […]

Continue Reading

A picture is worth a thousand words, but to hackers, it’s worth much more

Enterprises and end-users are constantly reminded of the dangers associated with clicking on unknown links and documents. Images rarely top the list as would-be vulnerabilities, but it’s important to be cautious of these potentially risky files as well. Why? Hackers are able to use image steganography techniques to conduct malicious activity and ultimately compromise enterprise […]

Continue Reading

Defending against Windows RDP attacks

In 2020, attacks against Windows Remote Desktop Protocol (RDP) grew by 768%, according to ESET. But this shouldn’t come as a surprise, given the massive increase in people working remotely during the pandemic. With enterprises resorting to making RDP services publicly available, hackers have taken notice. Some DDoS attacks are leveraging RDP servers to amplify […]

Continue Reading