The Cybersecurity and Infrastructure Security Agency (CISA) recently released an Emergency Directive reporting on a long-running supply-chain attack actively exploiting product updates by the IT management company SolarWinds. Attackers were able to monitor SolarWinds’ network traffic and maintain persistence on affected systems and environments by leveraging trojanized versions of product updates. The campaign likely began […]
Modern development practices are a blessing and a curse for organizations. Efficiency gains delivered by distributed workforces, and blended in and out-sourced development teams require collaboration tools like online code repositories. But these tools increase the chance of mistakes and create another attack surface to monitor for security problems. Security teams need new tools to […]
Quick Synopsis No matter how many software developers you employ, development processes or cultures (such as DevOps or DevSecOps) that you adopt, sensitive technical data such as code, credentials or security infrastructure can still be prone to online exposure. In this blog, we walk you through how modern software development practices lead to technical leakage, […]
Modern Development Practices Leads to Increased Exposure As customers, we can be a bit demanding when it comes to technology products. We want the latest products, features – or the most recent versions of those. We’re not stuck for choice though. Rather, our menu of technology products is always growing. These days, companies are all […]
VIPs and executives who are critical to your company and brand can be targeted by threat actors or groups who exploit their personal information to cause financial, brand or reputational damage – or even physical harm. Law firms are among the targets for this type of criminal activity as they possess sensitive data that threat […]
This morning, the British Broadcasting Corporation (BBC) published an article detailing how online actors had obtained and advertised at least 81,000 Facebook user accounts for sale. Digital Shadows (now ReliaQuest) assisted the BBC with its investigation, which included verifying the dataset in question. With so much confusion around the origins of these accounts and the […]
A user claiming to be the notorious darkoverlord extortionist threat actor has appeared on a dark web cybercriminal forum offering breached datasets for sale. In this blog, Digital Shadows (now ReliaQuest) analyzes whether this is a case of a copy-cat actor hoping to profit from thedarkoverlord name, or whether this marks a genuine return for […]
It’s common for the exciting and novel issues that confront security professionals on a daily basis to be hyped up. Very often the reporting and discussion focuses on 0day exploits, nation state actors, sophisticated intrusions and theoretical attack classes. The reality, however, is much more mundane. This point is driven home by the GAO (General […]
Organizations rely on Digital Shadows (now ReliaQuest) to be an extension of their security team. Our global team of analysts provide relevant threat research, much needed context, tailored remediation advice and managed takedown support to make our clients’ jobs easier and more efficient. Crucially, by having analysts within the intelligence and collection cycle, we’re able […]
On July 30, Forrester published its latest research report on malicious insiders, Defend Your Data As Insiders Monetize Their Access. With research content provided by Digital Shadows (now ReliaQuest), the report details how insiders with valuable data or privileged access are using online forums and marketplaces to find buyers. At the same time, cybercriminals are […]