Resources

Blog

Ransomware: ‘Tis the Season for Retailers to be Prepared

‘Tis the season! Winter holidays are upon us, and with it brings the yearly high-volume online shopping season we all know as Black Friday/Cyber Monday (BFCM). With the total US consumer spending estimated at over $717 billion in the 2018 BFCM season, retailers know that the next few weeks are a critical time for their infrastructure. Unfortunately...
Blog

Security for Cloud Services: PaaS Deep Dive

In my last blog, I gave you some insight into some of the starting steps for adjusting your security strategies for a SaaS-enabled world. Here, I explore some of the additional adaptions to consider with PaaS. Traditional IT organisations have seen significant gains in adopting Platform as a Service (PaaS) solutions. In this blog post, the second in a...
Blog

Cloud Security Threats: Escaping the Egregious Eleven - Part Two

Depending on your familiarity with the Cloud Security Alliance (CSA) publications, part one of this blog was intended as either an introduction or a nagging reminder of the ‘Egregious Eleven’ security threats to cloud computing. It also hopefully made some helpful observations about the first six items on the list. Part two now looks at the...
Blog

New Decryption Tool Released for Jigsaw Ransomware

Security researchers have released a new decryption tool that could help victims of Jigsaw ransomware recover their affected files for free. In a blog post announcing the new utility, Emsisoft explained that its decryptor can work against 85 extensions employed by the ransomware family. The security firm also said that they would update their tool...
Blog

Ransomware Strikes Again in the State of Louisiana

Ransomware hit Louisiana's state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack. In a series of tweets, Louisiana state governor John Bel Edwards revealed that his office had activated a cybersecurity response team in response to an...
Blog

Security for Cloud Services: SaaS Deep Dive

As business adoption of cloud services continues to grow at a rapid pace, so does the need to adapt security methods to accommodate the myriad of options. Traditional best practices often still provide a solid foundation from which to build on, but depending upon the technologies you opt to migrate to the cloud, different challenges and solutions...
Blog

Phishers Targeting Microsoft Office 365 Admin Credentials

Digital fraudsters are stealing Microsoft Office 365 administrator credentials as part of a broader phishing campaign targeting organizations. The campaign began with a phishing email that leveraged Microsoft and its Office 365 brand to lull recipients into a false sense of security. This attack email was unique, however, in that it originated from...
Blog

How to Implement an Efficient Cloud Security Strategy: The Experts Guide

According to IBM, 98 percent of companies will be using multiple hybrid cloud environments by 2021. This trend isn’t surprising. There are many benefits to operating in the cloud such as improved productivity, an increase in elasticity and huge cost-savings, to name a few. However, we keep seeing a range of issues when it comes to cloud security....
Blog

MITRE ATT&CK October Update: Extending to the Cloud

MITRE’s ATT&CK framework is ever evolving. The latest October update extends enterprise coverage to the cloud and adds a considerable list of cloud-specific adversarial techniques. The cloud has seen phenomenal growth over the past few years, as it offers businesses flexibility, reliability and cost-savings. Along with this growth comes new security...
Blog

Phishing Email Instructs Users to Click on "Keep Same Password" Button

Digital fraudsters have launched a new phishing campaign whose attack emails instruct recipients to click on a "Keep same password" button. Bleeping Computer observed that the phishing campaign uses attack emails that arrive with "Account Update" as their subject line. The emails list recipients' email addresses and inform them that their account...
Blog

Aligning SECaaS with Your Organization’s Cloud Security Needs

One cannot underestimate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel...
Blog

Mitigating Risk and High-Risk Vulnerabilities in Unsupported Operating Systems: BlueKeep Edition

How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the time and resources to break this freeze and issue a patch...
Blog

Attackers Using PureLocker Ransomware to Target Enterprises' Servers

Researchers have detected a new ransomware family they're calling "PureLocker" which attackers are using to target enterprises' production servers. Intezer detected a sample of the ransomware masquerading as the Crypto++ C++ cryptography library. In their analysis of the sample, they noticed something unusual when they saw that alleged library...