Threats & Defense
Intelligence and strategies that help organizations identify, protect, detect, respond, and recover.
- Penetration Testing
- Vulnerability Scans
- MITRE ATT&CK Evaluations
- Social Engineering
- Incident Response & Forensics
- Threat Intelligence
- Threat Hunting
- Red Team Testing
ARE YOU READY TO WORK WITH US?
Schedule a meeting today!
Stay Updated with the Latest
A Review of the Best News of the Week on Cyber Threats & Defense
Feds list the top 30 most exploited vulnerabilities. Many are years old (Ars Technica, Jul 29 2021)
Hackers continue to exploit publicly known—and often dated—software vulnerabilities.
Navigating the 2021 threat landscape: Security operations, cybersecurity maturity (Help Net Security, Aug 02 2021)
Findings from a new report from ISACA in partnership with HCL Technologies show that 35 percent of respondents report that their enterprises are experiencing more cyberattacks, three percentage points higher than last year.
US Gov Warning: VPN, Network Perimeter Product Flaws Under Constant Attack (SecurityWeek, Jul 28 2021)
The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S. (SecurityWeek, Jul 27 2021)
The attacks involve CVE-2021-27852, a deserialization-related code execution vulnerability affecting Checkbox Survey, an ASP.NET tool designed for adding survey functionality to websites.
Microsoft adds Safe Links phishing protection to Microsoft Teams (Help Net Security, Jul 28 2021)
Microsoft has extendend the phishing protection offered by Microsoft Defender for Office 365’s Safe Links feature to Microsoft Teams. “At its core, Safe Links provides time-of-click verification of URLs. This process entails scanning URLs for potentially malicious content and again evaluating them when they are clicked on by a user,” Girish Chander, Microsoft’s Group Program Manager of Office 365 Security, explained.
Ransomware can penetrate quickly, significantly damaging an organization (Help Net Security, Jul 29 2021)
Cloudian issued its 2021 Ransomware Victims Report, based on an independent survey of 200 IT decision makers whose organizations experienced a ransomware attack between 2019 and 2021. The survey found that traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack.
New bank-fraud malware called Vultur infects thousands of devices (Ars Technica, Jul 30 2021)
Screen sharing courtesy of VNC mirrors device screens to attacker-controlled servers.
Russia’s APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying (SecurityWeek, Jul 30 2021)
The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments.
New Chinese Threat Group ‘GhostEmperor’ Targets Governments, Telecom Firms (SecurityWeek, Jul 30 2021)
A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals.
Zeek in Action Videos (TaoSecurity Blog, Jul 29 2021)
Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.
With help from Google, impersonated Brave.com website pushes malware (Ars Technica, Jul 31 2021)
With a valid TLS certificate, faux Bravė.com could fool even security-savvy people.
Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System (Dark Reading, Aug 02 2021)
“PwnedPiper” flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows