When Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin published their paper “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” in late 2010, they changed the way security personnel thought about defending their digital assets. The paper continues to be a useful model for defense today. This article proposes ways that modern network-derived evidence applies to the kill chain.

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails. This advancement in AI technology has made it easier for even amateur hackers to analyze vast amounts of publicly available data about their targets and create highly personalized and convincing emails within seconds.

The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports. “On July 20, 2023, Stylebooks.com notified us that AP Stylebook customers had received phishing emails directing them to a fake website that imitated AP Stylebook to provide updated credit card information,” the AP said. “APS immediately engaged a cyber forensics firm to investigate the incident.

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image which leads to arbitrary code execution.

On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently, on September 6, 2023, Cisco published a security advisory warning of a zero-day vulnerability (CVE-2023-20269) in the remote access VPN feature of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

With organizations becoming increasingly digitally connected, a lack of visibility into their vendors’ security diligence has made exploiting these relationships a go-to tactic for cybercriminals. Fifty-four percent of publicly reported breaches in the last two years have been due to third parties, vendors, or suppliers, representing one of the greatest cybersecurity risks. Additionally, 98% of organizations have at least one vendor that’s had a breach in the last two years.

Nightfall has been named as a Leader in Data Loss Prevention (DLP), Sensitive Data Discovery, and Data Security in G2’s Fall ‘23 rankings. We’d like to extend a huge thank you to all the customers and supporters who made this possible. This past season, the Nightfall team has been working tirelessly to innovate new ways to keep customers safe in the cloud.

Johnson and Johnson is a large-scale manufacturing company that provides pharmaceuticals and medical products to companies throughout the world. The organization also makes a variety of consumer products. The massive company has over 130,000 employees and generates over $94 Billion in annual revenue. The huge company suffered a recent data breach that exposed some of its employees via its healthcare services.

Playbooks — and automated processes in general — used to be associated primarily with security orchestration, automation and response (SOAR) platforms, but that has changed recently. Many modern security information and event management (SIEM) solutions have started incorporating SOAR-like functionality, enabling you to automate security workflows and improve your mean time to detect (MTTD) and mean time to respond (MTTR).