The world of ransomware and cyber extortion continues to change dramatically. On the one hand, new ransomware variants and data leak sites are popping up like mushrooms; on the other, threat groups disappear into the shadows, leaving their mark on the world only to fade away. However, even on the surface, the goal remains the […]
The Cybersecurity and Infrastructure Security Agency (CISA) recently released an Emergency Directive reporting on a long-running supply-chain attack actively exploiting product updates by the IT management company SolarWinds. Attackers were able to monitor SolarWinds’ network traffic and maintain persistence on affected systems and environments by leveraging trojanized versions of product updates. The campaign likely began […]
Modern development practices are a blessing and a curse for organizations. Efficiency gains delivered by distributed workforces, and blended in and out-sourced development teams require collaboration tools like online code repositories. But these tools increase the chance of mistakes and create another attack surface to monitor for security problems. Security teams need new tools to […]
Quick Synopsis No matter how many software developers you employ, development processes or cultures (such as DevOps or DevSecOps) that you adopt, sensitive technical data such as code, credentials or security infrastructure can still be prone to online exposure. In this blog, we walk you through how modern software development practices lead to technical leakage, […]
Modern Development Practices Leads to Increased Exposure As customers, we can be a bit demanding when it comes to technology products. We want the latest products, features – or the most recent versions of those. We’re not stuck for choice though. Rather, our menu of technology products is always growing. These days, companies are all […]
VIPs and executives who are critical to your company and brand can be targeted by threat actors or groups who exploit their personal information to cause financial, brand or reputational damage – or even physical harm. Law firms are among the targets for this type of criminal activity as they possess sensitive data that threat […]
In this week’s ShadowTalk, we discuss the big vulnerability and exploit stories of the week. The team discuss the Cisco denial- of-service vulnerability affecting its Adaptive Security Appliance (ASA), as well as a vulnerability in Oracle’s VirtualBox technology posted to GitHub. Dr. Richard Gold, Rafael Amado and Michael debate the benefits and drawbacks of bug […]
In November 2016, Tesco Bank suffered a series of fraud attacks that allowed cybercriminals to check out with £2.26m (roughly $3 million) in customer funds. Two years on, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the UK Financial Conduct Authority’s (FCA) investigation into the attacks, which resulted in a fine of […]
At this time of the year, you can’t go anywhere without encountering something dark, spooky and mysterious. It all reminds me of misconceptions about the dark web, the area of the web that everyone is convinced they need to monitor but don’t quite know why. While the dark web is overhyped, it’s not all a […]
In this week’s ShadowTalk, Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the week. This week’s podcast has a strong Guy Richie flavor, with a focus on lock, stock and ru smoking barrels. We begin by discussing October’s hot ransomware activity, including the most popular variants, common targets, […]