Blog

Blog

Google Ups Bug Bounty Reward Amounts for Product Abuse Risks

Google announced its decision to increase the reward amounts for product abuse risks reported through its bug bounty program. On September 1, Google employees Marc Henson and Anna Hupa announced that researchers could now receive up to $13,337 for reporting a High-Impact vulnerability through which a malicious actor could abuse Google products for...
Blog

Covid-19 Exposure Logging: Key Privacy Considerations

Recently, both Apple and Google released new updates for iPhone and Android devices. One feature that was added was “Covid-19 Exposure Logging.” The feature is off (for now), and according to the text that accompanies the app, when turned on, it is set to communicate via Bluetooth to other devices. ...
Blog

Dashboards: An Effective Cybersecurity Tool

Data is only as good as what you are able to do with it. Not only does the cybersecurity universe collect data, but individual enterprises also collect cybersecurity data from within their organization as well as from external sources in order to add to more context and relevance. All data needs to be analyzed in order to create actionable insights...
Blog

Former AlphaBay Moderator Sentenced to 11 Years in Prison

A Colorado man received a prison sentence of 11 years for having served as a moderator on the AlphaBay underground marketplace. U.S. District Court Judge Dale A. Drozd handed down the sentence to Bryan Connor Herrell (known as “Penissmith” and “Botah” online), 26, of Aurora, Colorado on September 1,...
Blog

CISO: What the Job REALLY Entails and How It’s Evolved over the Years

All of us know what a Chief Information Security Officer (CISO) does from afar. A CISO upholds the organization’s overall security by overseeing the operations of the IS practice, the IT security department and related staff. In this capacity, those who become a CISO attain the highest paying job in information security, as it carries the associated...
Blog

Gift Cards Requested in Two-Thirds of BEC Attacks, Report Reveals

A report revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks. For a phishing trends report from the Anti-Phishing Working Group (APWG), APWG member Agari examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By...
Blog

Tripwire Patch Priority Index for August 2020

Tripwire's August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple. Up first on the patch priority list this month are patches for Microsoft and Apple for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for Microsoft .NET Framework,...
Blog

SCM in Practice: How to Strengthen Your Organization’s Security Processes

Security configuration management (SCM) involves maintaining a secure baseline configuration for an organization’s systems and monitoring those assets for deviations from that baseline. This fundamental control pairs well with other elements of an organization’s security strategy. As such, SCM enables security teams to harden their organization’s...
Blog

Emotet Switches to 'Red Dawn' Template in Weaponized Word Documents

Researchers observed that the Emotet gang had incorporated a new "Red Dawn" template into their weaponized Word Documents delivered to users. Until recently, Emotet's handlers had been targeting users with a iOS-themed document template for their malicious Word documents. The template explained that a sender had created the document on iOS, and it...
Blog

¿Te mudas a la nube para ahorrar dinero? Piénsalo de nuevo …

La mayoría de los clientes tienen en mente "ahorrar dinero" al pasarse a la nube. El "cloud deployment" de Google y encabezados de blogs y sitios de noticias están dominados por artículos positivos que ofrecen evidencia anecdótica de cómo la nube puede ahorrar dinero a los clientes. Más comúnmente, los consultores en la nube o los proveedores de la...
Blog

North Korea's BeagleBoyz Resumes International Attacks Targeting Banks

North Korea's BeagleBoyz team resumed its efforts to target banks worldwide with fraudulent money transfers and ATM cash outs. On August 26, the Cybersecurity and Infrastructure Security Agency (CISA) published Alert (AA20-239A) in coordination with the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber...
Blog

IoT Devices in Different Industries and How to Secure Them

Today, data analytics, automation, connectivity, and remote monitoring have made great progress and have brought innovations in every sphere of modern civilization. The digitization in day-to-day human activities has been revolutionized by the Internet of Things (IoT). Based on Gartner’s Forecast database, we can expect that there will be...
Blog

3 Areas of Your IT Infrastructure that SCM Can Help to Secure

Gone are the days when security teams could focus all of their efforts on keeping attackers out of the network. There’s no inside or outside anymore. The modern network is porous; it allows greater numbers and types of devices to connect to it from all over the world. This characteristic might serve organizations’ evolving business needs as they...
Blog

RDP Used by Iranian Actors in International Dharma Ransomware Attacks

Iranian actors leveraged the Remote Desktop Protocol (RDP) as part of an international campaign to target companies with Dharma ransomware. Group-IB uncovered the campaign while conducting an incident response engagement for a Russian company in June 2020. As part of its investigation, the digital security solutions provider's digital forensics team...
Blog

How IT-OT Security Has Changed in the Wake of COVID-19

After the global outbreak of coronavirus 2019 (COVID-19), organizations quickly transitioned to remote work in order to enforce social distancing and to keep their employees safe. But this work-from-home arrangement opened up organizations to more risk as well as less redundancy and resilience. That’s especially the case for organizations with...