I would like to focus this blog on how Continuous Security Validation technology can help improve and build collaborative relationships within risk management functions when focusing on security. I have operated in both a first (running security, IT, and operational resilience controls) and second-line (overseeing security) capacity, with much of this spent in a heavily audited environment, along with our rather steadfast friends in the third line (completing the trio of the three lines of.
Cymulate’s August 2021 Cyberattacks Wrap-up
No summertime vacation for threat actors who were once again very busy during August 2021, launching ransomware attacks against several organizations. The Conti ransomware operators were very active this month, breaching the systems of SAC Wireless, a US-based Nokia subsidiary. They were able to upload the stolen information to their cloud server and to encrypt files on the compromised systems. The FBI has connected Conti to more than 400.
In this blog, I wanted to provide my view on penetration testing versus vulnerability management and how Continuous Security Validation can complement your armory.
The Pen isn’t Mightier
Penetration tests are often expensive point-in-time assessments, either driven by an annual cycle or by a project-related change e.g. your organization’s latest website, app, or acquisition. Depending on the size of the penetration test, the testers are often working on fixed scopes and tight deadlines,.
Cymulate’s July 2021 Cyberattacks Wrap-up
July 2021 started with an affiliate of the notorious REvil gang conducting a ransomware attack targeting Miami-based information technology firm Kaseya. It infected thousands of victims in at least 17 countries through firms that remotely manage IT infrastructure for multiple customers. The threat actors demanded a ransom of a rumored $50 million that the company stated it did not pay, but instead had obtained a decryption tool from a “third party”.
Risk is not worth the price
While spending money on a good cybersecurity platform is no longer a luxury for companies but a necessity, it’s still an important investment. And like a lot of big purchases, it’s crucial to always kick the tires before you buy or switch. If you don’t, you could regret it. Here’s a recent example: CISO of a large high-tech company was approached by an integrator looking to sell an EDR platform. A product that’s highly rated with great scores and reviews by various.
My job is to craft and implement attack scenarios for Cymulate customers to launch in their environment and increase their cyber-resilience. In this tech-blog post I will talk about a new vulnerability dubbed “PrintNightmare” (CVE-2021-34527) and demonstrate how the attack is implemented in the Cymulate Continuous Security Validation platform, Purple Team module. The scenario is implemented in the Cymulate Continuous Security Validation platform, Purple Team module. This allows blue teamers a.
Cymulate’s June 2021 Cyberattacks Wrap-up
June 2021 saw a number of ransomware attacks and ransom payments. Gold Northfield, the REvil ransomware group, launched various attacks targeting high-profile targets. JBS Foods, one of the world’s largest meat producers, paid the equivalent of $11 million to restore its operations in Australia, the USA, and Canada after being infected by REvil. Also Fujifilm fell victim to a ransomware attack by the REvil threat actors using the Qbot Trojan, as did.
Comparing Cymulate and AttackIQ Continuous Security Validation Platforms
An Important Lesson
As a kid in elementary school, my father took me with him when he was looking for a new car. With a manila folder carrying a copy of Consumer Reports and a legal pad of his carefully taken notes under his arm, we went into one car dealership where my dad found a car he had researched and was interested in. As he began to look over the car, an eager sales rep approached us and began to bombard us with.
As a twenty-plus year cybersecurity professional I can count on a single hand the times I had to respond to a vendor who made crazy, unsubstantiated claims. As a practitioner in Breach and Attack Simulation (BAS) and Purple Teaming, I wanted to counter some really misleading “marketecture” that I heard another vendor make. I am going to take the high road and not call that vendor out by name and set the record straight by giving my experience with specifically the Cymulate Continuous Security.
Going on the Offensive
In the US government and in the private sector the last few weeks have been truly fascinating from a ransomware perspective. We have reached a tipping point where both sectors see Ransomware as a high-risk threat. In the case of the US government, they have taken a more proactive and offensive approach in going after ransomware criminals, their infrastructure, and even their stolen funds. In this blog, we will discuss this as well as some guidance for the private sector.