The only way to stay one step ahead of the adversary is by knowing their intent, toolset, infrastructure, target – and using this intelligence to inform action. As discussed in the recent webinar Dark Web Exposures Brought to Light, mitigating digital risk to your brand is not simply a matter of stumbling across a typosquatting domain or some isolated piece of stolen data. Both automation and human expertise are essential to proactively collecting mass amounts of data, sifting through thousands of data points, analyzing relationships among the data points, deciding on priorities, and ultimate ..read more

It’s happened to almost everyone. One day we check our bank statement or receive an alert and scratch our head thinking “Hmm, that’s odd. I don’t remember making that purchase.” Unfortunately, the truth is that we became a fraud victim long before that purchase was made, as our card was probably compromised days, weeks, or even months before. To say the least, it’s a pain to be a victim of card fraud. Think of the time spent speaking with customer service, waiting for your card to be reissued, and renewing your subscriptions with new payment information. As consumers, in the end we are inconv ..read more

Throughout 2021, organizations faced a variety of cyber threats targeting their brands. While threats affecting brands, such as typosquats, domain abuse, and data exposure, do not garner as much attention as ransomware attacks, it is crucial that organizations actively respond to and mitigate these threats. Threats to brands affect organizations in every sector, both public and private, and can be used as staging grounds by attackers for future cyberattacks. According to the 2021 Brand Intelligence Trends report by Insikt Group®, data exposure continued to be a persistent threat to organizati ..read more

Editor’s Note: The following post originated here. Due to further sanctions and political measures from the U.S. and European countries on Russia, governments on both sides of the Atlantic have warned about the cybersecurity implications of Russia’s war on Ukraine and the potential for cyber attacks. Just yesterday, the White House reiterated those warnings, based on evolving intelligence that the Russian government is exploring options for potential cyberattacks. The UK’s National Cyber Security Centre (NCSC) has also warned British organizations about the heightened state of cyber risk and ..read more

Key Takeaways Open source intelligence is derived from data and information that is available to the general public. It’s not limited to what can be found using Google, although the so-called “surface web” is an important component. As valuable as open source intelligence can be, information overload is a real concern. Most of the tools and techniques used to conduct open source intelligence initiatives are designed to help security professionals (or threat actors) focus their efforts on specific areas of interest. There is a dark side to open source intelligence: anything that can be found ..read more

Few topics spark conversation like security automation. Automation is the entire premise around programming; routines and repetitive patterns are tasked to computers while humans work only on higher priorities. For security practitioners, this is essential because even a small network can have thousands of endpoints that need protecting while the security staff is miniscule. Yet the challenge facing organizations in 2022 is how to automate, not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise ..read more

Few topics spark conversation like security automation. Automation is the entire premise around programming; routines and repetitive patterns are tasked to computers while humans work only on higher priorities. For security practitioners, this is essential because even a small network can have thousands of endpoints that need protecting while the security staff is miniscule. Yet the challenge facing organizations in 2022 is how to automate, not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise ..read more

Editor’s Note: The following post is an excerpt from SecurityTrails. To read more, click here.  To learn how Attack Surface Intelligence from Recorded Future shines a light on attack surface blind spots and provides an outside-in view of an organization for proactive risk reduction, view the datasheet here. A recent study by IBM found that nearly six in ten responding organizations accelerated their digital transformation efforts due to the COVID-19 pandemic. The disruptive ground brought on by the global crisis, further exacerbated by the rise in hybrid and remote workforces, has shown ..read more

Few topics spark conversation like security automation. Automation is the entire premise around programming; routines and repetitive patterns are tasked to computers while humans work only on higher priorities. For security practitioners, this is essential because even a small network can have thousands of endpoints that need protecting while the security staff is miniscule. Yet the challenge facing organizations in 2022 is how to automate, not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise ..read more

Picture this: A threat actor acquires a stolen list of your customers’ email addresses via a dark web forum. The actor then registers a typosquat domain, similar to your own. They use your logos and design to make the site look as authentic as possible. Then, they email this phishing site directly to your customers, and trick them into giving up their credit card information. Your customers are justifiably angry. They blame you for their lost money, time, and expenses related to identity monitoring. Even though it’s not your fault, you’ve lost their trust, and gaining it back will be both dif ..read more