I'm a cybersecurity marketer with expertise in writing about endpoint, cloud, zero trust, ASM, red teaming, threat intel, and third-party risk management.
Source Available 101: How to Counter This Confusing License Category
Understanding the different types of software licensing can be complex. Proprietary software licenses and open source software licenses are relatively easy. But there’s a third category: source available licenses. These are possibly the most confusing license category. Source available software falls in between commercial and open source licenses. They’re not exactly proprietary and not exactly fully open.
Where it becomes most confusing is that source available licenses look a lot like open...
The Rising Cloud Tide and Attack Surface Management
As the use of the cloud has expanded, an organization’s attack surface, the sum of all potential digital doorways into the organization, has seen a corresponding increase. The average enterprise now uses over 1,400 distinct cloud services – a number that has tripled over the past five years. Cloud-first strategies have invaluable benefits to an organization, but they also increase the complexity of their digital environment and lead to more exposures in more places than ever before.
6 Tips To Monitor Remote Employees in 2023 — Ethically and Effectively
Corporate data outside the network has always posed a security risk, but with more people working from anywhere, the issue has taken on increased urgency.
Enter remote employee monitoring. The practice of monitoring remote employees has made extensive news in recent years, especially since the first COVID-19 pandemic lockdowns. There is an overall negative perception of the idea, with critics claiming invasion of privacy as the main issue around monitoring remote workers.
Despite the bad rap ...
Unlock the Full Potential of Open Source (with FossID)
Open source software is a major component of modern development. Using open source code empowers dev teams to accelerate their delivery timelines and ship finished products more efficiently. In a highly competitive business world, companies need all the advantages they can get. Using open source code allows product-focused organizations to achieve their goals around ...
What Are Event Logs and Why Do They Matter?
Logs are everywhere, which is good because they’re a critical piece of operations work in computing, whether you work in DevOps, security operations, or IT operations. Analyzing logs helps with many different aspects of the technical support of devices, users, applications, and more. They can determine where authentication is happening, how applications work, and whether a system crashed because of malicious actions or some other malfunction.
To understand the value in an event log, first let’s t...
How Endpoint Isolation Locks Down Cyber Attacks
When threat actors gain a foothold on an endpoint, security teams need to act fast to resolve the problem. One of the most efficient methods of threat defense is endpoint isolation, a practice where all traffic to and from an infected endpoint is halted. This approach is very effective for threat defense, especially because it prevents the infection from spreading throughout the corporate network.
What Is Endpoint Isolation?
Endpoint isolation is, in simple terms, the act of cutting off all t...
The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses
This report was created in concert with LookingGlass Cyber's intelligence and analysis team to take a deep dive into ransomware actor activity in H1 2022. As part of joint analysis, we discovered that the biggest provable trend is the sheer professionalization of the average ransomware gang.
I drove strategic direction on the copy and the design of the report, as well as the email copy and landing page copy.
Professionalizing Ransomware: Threat Actors Adopting Legitimate Business Practices
Ransomware has long been among the most significant threats to the modern enterprise. It began with encrypting data and extorting a fee for the key, which is where the term “ransomware” comes from, and has moved on to double and triple extortions, which are becoming increasingly common. These changes have driven the rise in ransom demands to an average of over $800,000 according to Sophos data and contributed to the more than 1,100 attacks that LookingGlass tracked in the first half of 2022.
Most concerning in this current en...
Balancing Technical Threat Intel Analysis (“Nerdspeak”) with Strategic Insights for Executives
The demand for threat intelligence and knowledge about active threats facing your systems continues to grow. In fact, the threat intelligence software and services market is expected to be valued at $26.15 billion by 2028. After all, if you know who’s targeting your organization and with what sort of attack, you can better defend critical business systems.
Despite these market signals, it can be challenging to gain alignment from senior executives on the value of threat intelligence or – in s...
Attack Surface Management: How 2022 Will Be the Year of ASM
Having a clear view of which assets are exposed and the risk they pose has long been recognized as foundational to an effective security program (CIS 1, 2, and 7). However, investigations into recent data breaches have shown that despite increased investment, enterprises continue to struggle with effective attack surface management. Without proper visibility, security teams cannot accurately measure their security risk, making it difficult to reduce risk on their attack surface.
The fact is, ...
Log4J in Focus
On December 9, 2021, the Log4j vulnerability, tracked as CVE-2021-44228, was publicly revealed via the project’s GitHub. More than 2.5 billion devices running Java, coupled with the fact that this vulnerability is extremely easy to exploit, means the impact is likely very far-reaching.
This eBook covered everything Randori knew about log4j in December 2021. This is a highly dynamic situation, and guidance that was valid and correct at one point can very quickly become outdated.
DECAF Ransomware: A New Golang Threat Makes Its Appearance
Morphisec Labs has tracked a new Golang-based (1.17) ransomware variant that appeared starting in late September and continued development through October
Morphisec recommends organizations update their breach prevention strategies to include the risk of Golang-based ransomware
Ransomware written in the Go language is quickly becoming more popular among threat actors. These include Babuk, Hive, and HelloKitty, as well as many other threats written in Golang. “Go” is a statically ...
Explosive New MirrorBlast Campaign Targets Financial Companies
Morphisec Labs tracked a new MirrorBlast campaign targeting financial services organizations
MirrorBlast is delivered via a phishing email that contains malicious links which download a weaponized Excel document
MirrorBlast has low detections on VirusTotal due to the extremely lightweight macro embedded in its Excel files, making it particularly dangerous for organizations that depend on detection-based security and sandboxing
Financial organizations are historically among the mo...
New Jupyter Evasive Delivery through MSI Installer
In 2020, Morphisec introduced the Jupyter infostealer, a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.
Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.
Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes und...
It’s Time to Re-Evaluate Your Ransomware Prevention Strategy
Increasing numbers of headline-grabbing ransomware attacks are a concerning trend. They also point to a strong possibility that many organizations are falling behind threat actors in the cybersecurity arms race. As they fail to reassess their approaches to cybersecurity, organizations open themselves up to attacks that can be devastating and, in some cases, life-threatening.
On the 17th of September, a patient in Dusseldorf, Germany, died after a ransomware attack crippled the hospital she ha...