What will cyber threats look like in 2024?
CSO Online
38m ago
2023 was a big year for threat intelligence. The sheer volume of threats and attacks revealed through Microsoft’s analysis of 78 trillion daily security signals indicates a shift in how threat actors are scaling and leveraging nation-state support. We saw more attacks than ever before, with attack chains growing increasingly complex; dwell times becoming shorter; and tactics, techniques, and procedures (TTPs) evolving to become nimbler and more evasive. By looking back at the details of key security incidents in 2023, we can begin to isolate patterns and identify learnings for how we should ..read more
How the ToddyCat threat group sets up backup traffic tunnels into victim networks
CSO Online
4h ago
ToddyCat, a Chinese advanced persistent threat (APT) group that has been targeting Asian and European government and military organizations over the past four years, is using several different traffic tunneling tools to ensure persistent access to compromised networks, according to researchers at Kaspersky Lab. The group’s primary goal is the exfiltration of large volumes of sensitive information, which can take a long time and is prone to detection, researchers from the security firm said in a new report. “Having several tunnels to the infected infrastructure implemented with different tool ..read more
New OT security service can help secure against critical systems attacks
CSO Online
8h ago
To help secure the operational technology (OT) systems within industrial organizations against growing targeted attacks, cybersecurity solutions provider Critical Start has launched a managed detection and response (MDR) offering dedicated to these environments. The offering, based on Critical Start’s managed cyber risk reduction (MCCR) principle, is designed to deliver combined threat, vulnerability, and risk monitoring and management for threats facing critical OT systems. “Critical Start MDR for OT is a comprehensive and flexible service that combines OT-specific threat detection capabili ..read more
What is biometrics? 10 physical and behavioral identifiers that can be used for authentication
CSO Online
11h ago
Biometrics definition: Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices, or data. Examples of these biometric identifiers are fingerprints, facial patterns, voice or typing cadence. Each of these identifiers is considered unique to the individual, and they may be used in combination to ensure greater accuracy of identification. Because biometrics can provide a reasonable level of confidence in authenticating a person with less friction for the user, it has the potential to dramatically improve ent ..read more
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?
CSO Online
15h ago
More CISOs are dissatisfied with the role today than ever before, with studies showing that a high number of security chiefs (75%) are interested in a job change. What gives? Researchers, advisors and CISOs themselves cite a litany of reasons for the current discontentment, ranging from a lack of executive support to the increased level of liability created by recently enacted security regulations like those implemented recently by the US Securities and Exchange Commission (SEC). It doesn’t help that in several recent incidents, CISOs have been held legally personally responsible for the han ..read more
The Assumed Breach conundrum
CSO Online
1d ago
Breaches are inevitable due to the asymmetry of attacks – carpet checks versus guerilla warfare. Companies – regardless of size – have been breached. For years, security leaders have spoken about the myth of the infallible Protection doctrine and reasons for improving on detection, response, and recovery. We broached the need for threat intelligence, advanced threat-hunting, responding through table-top exercises, and having tightly integrated SIEMs (security information and event management) and SOARs (security orchestration, automation, and response) to quickly contain breaches. However ..read more
Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials
CSO Online
1d ago
Russia-linked advanced persistent threat (APT) actor Forest Blizzard had, since June 2020, exploited a now-patched Windows vulnerability to drop previously unknown, custom post-compromise malware, GooseEgg, according to a Microsoft report. Forest Blizzard, linked previously to the Russian intelligence agency General Staff of the Armed Forces of the Russian Federation (GRU), deployed GooseEgg to gain elevated access to target systems and steal credentials and information. “Although Russian threat actors are known to have exploited a set of similar vulnerabilities known as PrintNightmare (CVE ..read more
Top 10 physical security considerations for CISOs
CSO Online
2d ago
While chief information security officers (CISOs) are rarely tasked with the full range of health and human safety concerns that facilities teams or chief security officers must act upon, CISOs still have a huge part to play in enterprise physical security strategies, from physical security systems that connect to IT systems to physical access to IT assets. What is physical security? Physical security is the protection of people, property, and physical assets from actions and events that could cause damage or loss. Though often overlooked in favor of cybersecurity, physical security is equal ..read more
Microsoft’s mea culpa moment: how it should face up to the CSRB’s critical report
CSO Online
2d ago
After the CSRB report, Microsoft must eschew marketing hyperbole while apologizing for its cavalier security practices, communicating its remediation plan, and reporting honest metrics to the security community as it proceeds. On March 20 of this year, the Cyber Safety Review Board (CSRB), an organization under the Cybersecurity and Infrastructure Security Agency (CISA) that was established pursuant to President Biden’s Executive Order (EO) 14028 on ‘Improving the Nation’s Cybersecurity’, published a report titled: “Review of the summer 2023 Microsoft Exchange Online Intrusion.” As the title su ..read more