The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for…
Amazon confirms employee data breach after vendor hack
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked…
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web…
Spotlight on Dashlane
Dashlane is the leading enterprise credential manager that secures access and proactively protects against breaches. In an era where painfully…
Chinese APTs Cash In on Years of Edge Device Attacks
The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.
‘Midnight Blizzard’ Targets Networks With Signed RDP Files
The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering…
Detection Engineering in Post SIEM and SOAR World
A few years back, my security team was tasked to create and maintain a green field environment for FEDRAMP compliance.…
Russia’s APT29 Mimics AWS Domains to Steal Windows Credentials
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
Amazon seizes domains used in rogue Remote Desktop campaign to steal data
Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to…
AWS’s Predictable Bucket Names Make Accounts Easier to Crack
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.