July 29, 2021
How do you improve your security posture by standing up a purple team strategy? Here are 10 important things to keep in mind from the Purple Teaming for Dummies eBook.
July 16, 2021
The purple team construct is changing cybersecurity for the better. Here is how you build, lead, and manage effective purple team operations.
The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided
July 13, 2021
On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.
July 9, 2021
CFOs are often perceived as gatekeepers to the company’s cash coffers. With different functional leaders vying for project investments, it is true that the role of the CFO is to help prioritize the company’s spend, based on the business growth plan and trajectory.
July 2, 2021
Node.js is a popular back-end JavaScript runtime environment built on the V8 engine. As part of our internal security research, we discovered numerous products in production environments installed with insecure permissions. One of these products was Node.js, and we decided to investigate further.
June 24, 2021
This past week, AttackIQ launched its inaugural Purple Hats Conference—where more than 3,000 cybersecurity practitioners, partners, and pros joined to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense strategy.
June 22, 2021
For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why.
June 22, 2021
There are a number of ways that the MITRE ATT&CK framework can be used in your cybersecurity practice. Here are 10 of the most important as laid out in the MITRE ATT&CK for Dummies eBook.
June 9, 2021
RabbitMQ is a popular open source message broker, used worldwide by companies like T-Mobile and SolarWinds. Its flexibility and speed makes it easy to integrate with other applications, such as SolarWinds Orion Platform. Since we previously reported CVE-2021-29221 against the popular programming language Erlang, we suspected RabbitMQ would be vulnerable to a similar local privilege escalation attack.
June 2, 2021
Atlassian Confluence Server is a popular web-based corporate content management system, allowing remote teams to collaborate efficiently on projects. With over sixty thousand customers including Docker, Linkedin, and Twilio, vulnerabilities in Confluence could have a significant impact on a large user base.
June 1, 2021
Today, we’re excited to announce the release of DeepSurface 2.2! Release 2.2 brings some exciting new features and changes in the form of tags and some UI/UX updates that make the product even easier to use.
April 30, 2021
We’re thrilled to announce DeepSurface 2.1, an improvement on DeepSurface 2.0 that makes it even easier to use. We’ve reorganized some things, added different nomenclature for increased efficiencies allowing you discover and remediate risk even faster.
April 26, 2021
The goal is greater visibility and effectiveness.
April 13, 2021
Octopus Deploy is a popular DevOps automation platform that enables teams to more efficiently manage configuration, API keys, and permissions. Octopus Server allows users to self-host this platform, and is installed as a service on the host. This service runs as Local System and is a very impactful target for local privilege escalation exploits.
April 9, 2021
In advance of the new Biden administration cybersecurity executive order, it’s time for the federal government to get proactive about cybersecurity. Deploying a validated zero trust architecture for the U.S. government’s most critical high-value assets is an aggressive but achievable goal.
April 6, 2021
Our mission is to equip cybersecurity teams with the best predictive vulnerability prioritization platform and allow them to quickly identify and reduce more cybersecurity risk every day. To that end, we’re proud to announce the release of DeepSurface 2.0!
April 4, 2021
Erlang is a popular general-purpose programming language and runtime environment, with support for concurrency commonly found on many distributed systems. When distributed on Windows machines, the Erlang emulator can also be run as a service with the erlsrv.exe command. This seems to be commonly used with popular software, such as CouchDB.
March 23, 2021
AttackIQ’s new architecture upgrade makes it possible for customers to emulate comprehensive, multi-stage adversary cyberattack campaigns with realism and specificity, at every step in the kill chain. Check it out.
March 17, 2021
AttackIQ has added Atomic Red Team to our assessment library, bolstering our testing capabilities to further improve our customers’ security effectiveness.
February 23, 2021
After SolarWinds, organizations need visibility into their security program effectiveness against real world threats. Automated adversary emulations can help meet that need. By generating real data about how your security program performs against menuPass, you can see security failures, make data-informed adjustments, and plan smart investments to optimize your security. Check out the new emulation plan from MITRE Engenuity’s Center for Threat-Informed Defense and AttackIQ.