Open Extended Detection and Response (XDR) marks a paradigm shift in enterprise security, focusing on using comprehensive data insights to enhance threat detection and response across diverse systems and environments.   This approach champions flexibility and interoperability over traditional vendor lock-in, allowing for a tailored security posture that keeps pace with the evolving threat landscape. The…

Read More

Figure 2: Latest attack request targeting Windows servers   As shown in Figure 2, the latest attack requests are targeting the same URL, keeping the same HTTP header values and the same exploit structure, however, they are now using Windows shell commands to download and execute a file. Using the Windows certutil Tool While Linux…

Read More

In the F5 and Ponemon report, The Evolving Role of CISOs and their Importance to the Business, security leaders were asked to rank their top threats to their security ecosystem. The number one answer was advanced persistent threats (ranked 8.8 out of 10). We’ve already talked about why CISOs should manage the most likely damaging…

Read More

Once upon a time I was a security consultant. I was assigned to review the firewall configuration for a sizeable Seattle startup of about 800 employees. They were in the business of hosting websites for thousands of small businesses across the world and therefore had a somewhat complex Internet connectivity setup. I sat down and…

Read More

There’s a lot of speculation in cryptocurrency right now. People are mining coins all over the place, and even though it’s getting harder and harder to make money mining coins, interest is still high. All it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power…

Read More

There’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be…

Read More

The role of deception technology in modern cybersecurity is to turn the tables on cybercriminals, transforming networks from passive targets into active traps.   Deception gives security teams the chance to use hackers’ own methods against them, as well as gather intelligence on their tactics. But deception’s role is evolving. Read on to learn how deception…

Read More

Applications are the lifeblood of our enterprises. Not many organizations can survive in a pencil and paper world. They are all dependent on IT with applications doing the heavy lifting of arranging, tracking, processing, communicating, and calculating daily business. But applications are no longer singular programs running on one computer, they are huge collections of…

Read More

Image: Midjourney The Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC also announced sanctions against two front companies—Mehrsam Andisheh Saz Nik (MASN), formerly Mahak Rayan Afzar, and Dadeh Afzar Arman (DAA)—for the Iranian Islamic Revolutionary…

Read More

Because of an international criminal act, you can get a cheap morning latte. Historically, the country of Yemen had a monopoly on coffee, forbidding the export of the plants and seeds—their intellectual property. However, in 1616, a Dutch merchant managed to smuggle out a few coffee plants from the city of Mocha in Yemen. Holland…

Read More