Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


The Dark Side of EDR: Repurpose EDR as an Offensive Tool

Endpoint detection and response (EDR) solutions have become a key component of many enterprise endpoint security strategies, resulting in a forecasted market value close to $17 billion by 2030. This is due in no small part to the increase in remote work following the COVID-19 pandemic, the resulting bring-your-own-device (BYOD) trend in which employees use personal devices for work-related activities, and the constant evolution of cyber threats.

SafeBreach Coverage for AA24-109A (Akira Ransomware)

On April 18th, the United States’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) issued an urgent advisory about Akira ransomware’s recently exhibited malicious behavior (as of February 2024). Detailed information about these threats and the associated IOCs and TTPs can be seen on #StopRansomware: Akira Ransomware.

MagicDot: A Hacker's Magic Show of Disappearing Dots and Spaces

Microsoft Windows is the world’s most widely used desktop operating system (OS). It accounts for more than 70% of market share as of February 2024, according to market research firm Statista, and can be found on more than 1.4 billion active devices. As with any software vendor, Microsoft continuously evolves their OS with the release of updated versions that offer new features and functionality.

Building Resiliency in the Face of Ransomware

Ransomware remains one of the biggest security threats in 2024. This follows a concerning resurgence in 2023, where more than $450 million in ransomware payments were reported in the first half of the year alone. The proliferation of Ransomware-as-a-Service (RaaS) and the subsequent attacks against a variety of businesses—from the smallest start-up to the most powerful multinational—reinforce what security professionals already know: ransomware is not going away.

Replicating Realistic Threat Behavior is Critical to Red Teaming, But It Doesn't Have to Be Complicated

Organizational red teams are tasked with the critical responsibility of ensuring preparedness against real-world threats. But the ability to accurately replicate complex threat behavior can often be resource-intensive, expensive, and difficult to operationalize. As sophisticated threat actors continue to evolve their attack patterns, replicating this rapidly changing behavior can become nearly impossible.

How a Fortune 500 data company leveraged SafeBreach to transition to 100% cloud

When a large data company decided to migrate their systems fully to the cloud, their cybersecurity team knew it would be a challenge. The company’s senior security architect put it succinctly: “Our CTO said, we’re going completely to cloud. Everyone buckle up.” Though the organization had assets in the cloud for many years, the team wasn’t sure they were ready to be 100% in the cloud from a security standpoint.

SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)

On February 29th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two separate advisories related to malicious behavior exhibited by threat actors. The first advisory AA24-060A pertains to Phobos Ransomware and the second advisory AA24-060B pertains to the exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

ALPHV Blackcat, GCP-Native Attacks, Bandook RAT, NoaBot Miner, Ivanti Secure Vulnerabilities, and More: Hacker's Playbook Threat Coverage Round-up: February 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.