Blog

July 2020 might have been hot, and COVID-19 is still rampant, but that did not stop or slow down cybercriminals, on the contrary. Here is a rundown of their activity.  Hancitor and Emotet were used in several campaigns. Hanticor is a notorious downloader spreading through malicious attachments to download data-stealing malware such as Pony and Vawtrak. For the first time, Hanticor used a new three-pronged delivery approach: The use of the uncommon, native Windows CallWindowProc API. Piggyback.

A reader recently asked, "I'm in a regulated industry and do penetration testing once a year for compliance. Why would I also use Breach and Attack Simulation?" Let's dive into this question, as the need for Breach and Attack Simulation (BAS) solutions like Cymulate do not diminish when you are in a regulated environment. In fact, the need for BAS becomes even stronger when you perform pen-testing once a year for regulatory compliance. Here are two reasons:   1 - You only pen-test once a year. .

In its simplest form, cyber risk is a measurement of your cyber exposure: the probability of a breach, adjusted for the potential loss and damage associated with such a breach. The probability of a successful breach is based on the combined capabilities of your people, technology, and processes; compounded by the skill, tactics, techniques, and technology of your opponent. When defining potential loss and damage, each organization has to define, for their own business, what the potential impact.

Banking firms have cybersecurity needs that blend traditional financial concerns with retail concerns. This leads to unique cybersecurity issues as IT and Security teams attempt to determine how an attacker could leverage well-known infiltration points (phishing, USB devices, etc.) with industry-specific entry areas such as ATM’s.  Lateral Movement Simulation enables thorough testing of security controls and segmentation policies that are designed to prevent network propagation of a threat.

With the increased uptake of automated and continuous security validation, security teams are seeking further value through integrations with security controls and other security programs. By emulating an adversary and launching simulated attacks they discover security gaps and remediate them in addition to increasing the operational efficiency of both security and IT operations.   How the Integration Works Integration with Microsoft Defender ATP is available for both Endpoint Detection and.

“No Thanks." The phone is picked up, “We have a service that does that” says the 5th CISO that day. Welcome to my life. I’m an Inside Sales Representative, at Cymulate, and I speak to dozens of InfoSec Execs a week, and the first thing I hear is that some form of testing is being done, whether it’s vulnerability scanning or pen testing, with no more services required. My challenge is to convince them that it’s worth their while to learn about a new and better approach to security testing. .

A site visitor asked “What is an email gateway attack simulation? How is that different from phishing testing?” Both good questions, let’s have a look: Email Gateway Attack Simulation 101 Email gateways are software and/or appliances that sit between inbound email and your users’ mailboxes. These systems evaluate each inbound email (and often outbound email) that is processed by your company’s email systems.  Evaluations can include looking for phishing-like language, checking any links to.

To paraphrase David Ben-Gurion, the first Prime Minister of Israel: "The most dangerous enemy to ... security is the intellectual inertia of those who are responsible for security." I'm reminded of that particular statement now, as we stand on the edge of a world driven sideways by the specter of disease and economic hardship. We must also face the impact these pressures have had on the overall ability to protect and defend the cybersecurity of business and government data and information.

Cymulate 101: What is Breach and Attack Simulation?  One of our site visitors asked a pretty popular question recently: “What, exactly, is Breach and Attack Simulation (BAS)?” Let’s dive in and have a look at this form of security control testing. So, what are "security controls?” Simply put, a security control is anything that limits the ability of a threat actor to accomplish their goal, or otherwise stop even a legitimate user from doing something they shouldn’t.    Security controls can.

Benefits of Working Remotely As the Novel Coronavirus (COVID-19) has entire countries declaring national emergencies and recommending social distancing; more companies than ever are unexpectedly finding that they must allow employees to work remotely in order to limit the speed of the virus spreading throughout our communities.  Remote work has a great number of benefits - especially during a crisis of this nature - but also comes with significant cybersecurity drawbacks that should be.