Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Avoiding SMB Rate Limits During Authentication Attacks

During a penetration test, it's not uncommon for a penetration tester to launch a password attack against Active Directory. Many times this password attack uses a list of domain user accounts that were enumerated, or even just a list of potential domain user accounts that were generated randomly. Many penetration testers will perform either just a single password attack or at least 2-3 attempts, depending on what the domain's password lockout policy is set to.

Automated Penetration Testing: 5 Benefits for CISOs

Research by Cybersecurity Ventures projects a doubling of the global cost of cybercrime in the 2015-2021 period from $3 trillion to $6 trillion. The escalation of cybercrime is closely related to the rapid expansion of the cyber attack surface. For instance, the total number of Internet users doubled between 2015 and 2018 from 2 billion to 4 billion, and is expected to hit 6 billion by 2022.

Winter Is Here, and so Are Holiday Cyber Scams

The holiday season revolves largely around traditions like festive lights, Christmas trees, family dinners, holiday cards and Secret Santa gift exchanges. Even if you don't like all of these traditions, you will probably agree that none is as bad as one of the newest phenomena that characterize this time of year: holiday cyber scams.

Social Engineering 2.0 - Evasive Spear Phishing and Vendor Email Compromise

When companies are investigating the weak points in their cyber defenses, they must look beyond their IT infrastructure. In most cases, an organization’s biggest security vulnerability does not stem from the machines on its network, but from people on the payroll. And because this is common knowledge to threat actors, social engineering attacks that target employees generally constitute a bigger threat to businesses than cyber campaigns that directly attack computer systems.

What You Don't Know Can Most Certainly Hurt You: The Importance of Phishing Assessments

Every thirty seconds, a phishing attack occurs somewhere in the world. That comes down to 120 attacks per hour. Industry research doesn’t just show that phishing is incredibly common, but also highlights how costly it is, with losses from a single attack averaging $8,850. This means that every hour, $1,062,000(!) is lost to phishing. Even though this makes phishing a massive threat to companies, a recent report shows that over one third (35%) of employees don’t even know what it is.