blog_hero_02

Blog

Threats that made Fireworks in the Headlines
Eyal Aharoni, July 4, 2019
Read More >
The lead up to this year’s 4th of July has been chockful of cyber events, from cities getting extorted, through triple-threat ransomware, to state-sponsored APT activity. Here’s a recap of last month’s cyber threat highlights. The month started with AMCA (an American billing collections service provider) announcing on June 3 that an unauthorized user had accessed its system containing personal information that AMCA had received from various entities. The personal data of 11.9 million customers,.
Read More >
Seeing the Unseen: Detecting and Preventing the Advanced Persistent Threat
Eyal Aharoni, January 31, 2019
Read More >
In the last few years, APT attacks conducted by individual cybercriminals, organized crime and state-sponsored groups have become prevalent and sophisticated, bypassing standard security controls such as APT, or Advanced Persistent Threat, is a sophisticated attack in which a person or group attains access to a network and remains undetected for an extended period of time.   The DarkHydrus APT Attack Let’s have a closer look at how APT threat actors operate by looking at a recent APT attack,.
Read More >
Abusing Microsoft Office Online Video
Avihai Ben-Yossef, October 25, 2018
Read More >
  **Updated Note: As of November 12th, 2018, Trend Micro has discovered an in-the-wild sample of this logical bug seen in the TROJ_EXPLOIT.AOOCAI, using it  to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).** Cymulate’s research team has discovered a way to abuse the Online Video feature on Microsoft Word to execute malicious code (Read the press release here). Attackers could use this for malicious purposes such as phishing, as the document will show the embedded online video.
Read More >
Cybercrooks are Laughing All the Way from the Bank
Eyal Aharoni, October 19, 2018
Read More >
  Financial services firms are favorite targets for cyber criminals. The firms are a treasure trove of tradeable data varying from credit card credentials, customer information, and corporate data that can be abused or sold on the dark net. Compared to other industries, the financial sector still remains extremely vulnerable. Overall, the chance of a financial institution being breached is 300 times higher than that of other organizations. While US companies in general are attacked around 4.
Read More >
Cybercriminals are Industrious When Hacking Industries
Eyal Aharoni, October 10, 2018
Read More >
  In recent years, cyber-attacks on industrial control systems and critical infrastructure all together have been on the rise. A recent study by Bitkom shows that cyber-attacks cost the German industry almost $50 billion. Those attacks are not limited to Europe’s strong economy. Hackers are known to have manipulated critical industrial safety systems to cause physical damage. This poses a major question: Which sectors are the most critical and at risk? The United States Home Land Security (HLS).
Read More >
Cybercriminals Have an Unhealthy Appetite for Medical Data
Eyal Aharoni, September 26, 2018
Read More >
  Cybercriminals just love targeting healthcare organizations and have been doing it quite often for many years. As can be seen on the table below, during the past couple of months cybercriminals have been working hard on these types of targets. where they hit with ransomware attacks or breach to exfiltrate medical records which they can monetize. These medical records are a treasure trove of information that is easy to sell on the dark web. In contrast to e.g., financial institutions,.
Read More >
Demystifying MITRE’s ATT&CK™ to supercharge cyber defenses - Part III
Eyal Aharoni, July 3, 2018
Read More >
In our first blogpost about MITRE’s ATT&CK™ framework, we explained what it exactly is and how it contributes to cybersecurity. In our second blogpost, we dove deeper into the various features. In this blogpost, the third and final one in this series, we will discuss the future of MITRE’s ATT&CK™ framework as we see it. To recap: ATT&CK™ is a MITRE-developed, globally-accessible knowledge base of cyberattack strategies and techniques that have been detected and reported. This knowledge base is.
Read More >
Unpatched vulnerabilities provide an open door for Cybercrooks
Eyal Aharoni, June 12, 2018
Read More >
Knock knock, whose there? A Cybercrook is exploiting known vulnerabilities to penetrate the organization for an easy picking. The 2018 Open Source Security and Risk Analysis report released by Black Duck Software (a developer of auditing software for open-source security) shows, that the patching of vulnerabilities still leaves much to be desired. The research found that 78% of the codebases examined contained at least one unpatched vulnerability, and an average of 64 known exploits per.
Read More >
Show

Subscribe to Our Blog

Stay up to date with the latest cybersecurity news and tips

By Tag