It was a dark and stormy DEFCON. Water leaked from the ceilings onto the casino floors and lightning flashed across the sky. With over 25k attendees, Las Vegas was raining hackers. If you were not swept away in the storm in Las Vegas, you surely felt the flood of new vulnerability fixes on August’s Patch […]
Picture this, you are an analyst working in a large security operations center (SOC) responding to an overwhelming amount of alerts each day. A large portion of the alerts are false positives, but you have to be sure so each one requires your attention. After a while, complacency sets in, and impactful alerts are missed. […]
At the beginning of our conversation on vulnerability intelligence a couple of weeks ago, I briefly touched on a fictional weeklong scenario that involved vulnerability disclosure, PoC (proof-of-concept) release, and mass scanning that ended with victims hit by exploits. I get it, a week to go from vulnerability to working exploit may seem like hyperbole, […]
Picture this: it’s a Monday morning, and you’ve just found out that a critical vulnerability was announced on your favorite security news site. Let’s suppose that the announcement of this vulnerability coincided with the presentation of a proof-of-concept (PoC) that takes advantage of this vulnerability. By Monday afternoon, your network logs are flush with the […]
Our blogs have covered the fate of numerous cybercriminal marketplaces on the clear, deep, and dark web over the years. Our research has uncovered several factors determining a platform’s chances of success, including market share, USP, security, and convenience. We’ve mainly focused our attention and threat intelligence articles on the rise and fall of several […]