The under-appreciated value of Purple Teaming
Having recently finished an extensive and eye-opening purple team engagement, I took some time to reflect on the sheer amount of ground that we had covered in just 6 short weeks.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest Posts
Ransomware trends: the European transport sector
As Aviation, Maritime, Rail and Road transport organisations are reportedly experiencing increased levels of ransomware activity across Europe as per ENISA’s recent report, JUMPSEC analysts have combined the findings with JUMPSEC’s attacker reported data scraped from a variety of sources (including the dark web) providing further context to the risks currently posed to European transport organisations.
Microsoft Direct Send - Phishing Abuse Primitive
This vector abuses Microsoft Direct Send service in order to propagate phishing emails from an external sender to an internal user, whilst spoofing the properties of a valid internal user. This “feature” has existed since before 2016. However, threat intelligence available to JUMPSEC has only observed it being abused recently.
Overcoming the Cyber Detection and Response Gap
Matt Lawrence, Head of Defensive Security, and Dan Green, Head of Solutions, write about why compromise is inevitable – and the practical steps that organisations can take to build a security operating model capable of weathering the storm of cyber threats today.
Revisiting the Detection and Response Gap
Matt Lawrence, Head of Defensive Security, and Dan Green, Head of Solutions, write about why compromise is inevitable – and the practical steps that organisations can take to build a security operating model capable of weathering the storm of cyber threats today.
The evolution of cyber insurance
To cope with increasingly costly pay-outs, providers are redefining the terms of cyber insurance to reduce their exposure. The implications could spell myriad changes for the cyber security industry. Whatever the outcome, it’s time for organisations to re-evaluate whether their policy will cover them against the attacks they are most susceptible to.
2023 Cyber Security Predictions
In a key bulletin published in August 2022, Tony Chaudhry, the Underwriting Director of Lloyds, addressed the risk posed by cyber security threats to the insurance industry, stating that “losses have the potential to greatly exceed what the insurance market is able to absorb”.
Featured Post
JUMPSEC works on a prototype lightweight anomaly detection system
Deploying machine learning models in the cyber security industry is complicated - especially with budget and technology limitations. Especially when it comes to anomaly detection, there's been much debate over privacy, balance, budget, robustness, cloud security and reliable implementation. For cyber security companies using machine learning technologies, ensuring clients' safety with trustworthy artificial intelligence (AI) must always be the primary objective.
NCSC Annual Review 2022
After reviewing the NCSC Annual Review for 2022, we discuss our 5 key takeaways and give our thoughts on the topic.
Combining Artificial Intelligence with Threat Intelligence
One of the primary challenges that our security analysts encounter is where and how to best use their time. Monitoring and reviewing the constant influx of data and alerts produced by our client’s networks whilst also finding the time to keep on top of trending and emerging threats is no mean feat, and not particularly conducive to a healthy work-life balance…