Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The global pandemic further accelerated a trend toward remote work that was already underway, even in federal, state, and local agencies that previously resisted it. But as agencies continue to offer telework options to employees, they must also rethink their security stack to better mitigate the cybersecurity risks that remote work catalyzes. Traditional, perimeter-based approaches to security will no longer work in a cloud-first environment where data can, and is, accessed from just about anywhere.

It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal. I once worked at a company that prohibited me from offering personal cybersecurity advice.

When your customers reach out for help, they send messages to your support team that likely contain personal information. Help desk ticketing systems can often harvest for personally identifiable information (PII) like email addresses and credit card numbers, while healthcare providers using ticketing systems may request protected health information (PHI) like patient names and health insurance claim numbers or phone numbers.

You may have previously heard about TeamViewer if you’ve ever needed to remotely access another device for the purposes of maintenance or general work activities.

At the Rubrik Data Security Summit, leaders from both the public and private sectors discussed an important topic: ransomware. Cyber threats continue to expand in both volume and sophistication with attacks growing at a rate of 150% annually. As attackers increasingly target backups, it will be even more paramount for policies and guidance from government agencies to match the security innovation of private sector businesses to mitigate the risks of this cyber pandemic head-on.

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.

The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated. In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate productively.

What is your organization’s approach to security events? For many organizations, each security alarm is treated with the same urgency as a fire. While a sense of urgency is good, the ensuing panic that occurs is not a recipe for longevity. The constant shifting of attention from one emergency to the next is fatiguing; it can often lead to mistakes that compound an event. The “all hands on deck” approach is similar to an ineffective method of weeding a garden.

The team at LimaCharlie has been moving some big pieces around the board during the month of September. We have been working on something special. On October 12th we will be running a webinar to demonstrate LimaCharlie’s integration of Red Canary’s Atomic Red Team. Atomic Red Team is a library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments….

As the threat landscape evolves faster than we can keep up with, organizations must be aware of the type of threats they may face. Certain threat types, like ransomware and malware, are more prominent and therefore must be fought with the appropriate resources. On the other hand, some threat types are not prevalent and pose significantly less risk. However, just because a specific threat isn’t as widespread does not mean we shouldn’t take it seriously.