In this blog in the IT security under attack series, we will learn about an advanced Active Directory (AD) domain controller (DC) attack to obtain persistence in AD environments.Dubbed DCShadow, this is a late-stage kill chain attack that allows a threat actor with admin (domain or enterprise admin) credentials to leverage the replication mechanism in […]
How a mobile device management solution can help with securing devices in the digital workspace
The past decade has witnessed many organizations adapting to a digital workspace, replacing the traditional physical offices setups with virtual workplaces encompassing all the technologies that employees require to get their work done. Because of the pandemic, even companies that were once against the concept of a distributed workforce have now been forced to embrace […]
Five worthy reads: Preparing an incident response plan for the pandemic and beyond
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. With the rising concern over cyberattacks in the distributed workforce, this week we explore the concept of cybersecurity incident response during a pandemic.The new normal of a distributed workforce has given rise to advancements in the […]
Crowdstrike: “More Cyberattacks in the First Half of 2020 Than in All of 2019”
According to a recent study conducted by cybersecurity firm CrowdStrike, recent threat activity throughout its customers’ networks has shown more intrusion attempts within the first half of 2020 than in all of 2019.This may be due to the pandemic and subsequent lockdown measures forcing employees to mass shift to teleworking. This may also be due […]
5 tips to avoid cyberattacks on EdTech platforms
As the COVID-19 pandemic rages on, many educational institutions have been forced to shift their on-campus classes to online classes. Various EdTech platforms have also launched free classes that have prompted students to try their hands on digital education. With more students turning to online learning than ever, these platforms have emerged as a lucrative […]
Unfolding the Twitter security incident
In case 2020 wasn’t dystopian enough, here’s some more unbelievable news. On July 15, 2020, social media giant Twitter admitted it fell victim to a security breach.The attackers targetted 130 Twitter accounts, including several belonging to high-profile individuals such as elected officials; former president Barack Obama; and business leaders including Bill Gates, Jeff Bezos, and […]
Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource
A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.I’ve written about phishing attacks targeting GitHub users previously. But this month, users of GitHub partner DeepSource were notified of a security incident in which at least one of DeepSource’s employee credentials had […]
1 in 3 Employees Rarely or Never Think About Cybersecurity
Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture.It’s something we all know – employees that aren’t paying attention to corporate security aren’t helping. But new data from email security vendor Tessian quantifies this notion with some pretty surprising data. In their Psychology of Human […]
Five worthy reads: Embracing Zero Trust during a pandemic
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. With the rising concern over cybersecurity in remote work, this week we explore the concept of the Zero Trust model in cybersecurity.The traditional concept of network security involved classifying networks into internal and external networks separated […]
Your return-to-the-office cybersecurity checklist
The novel COVID-19 pandemic has changed the way organizations work. The sudden transition to remote work has forced organizations to look for temporary fixes to bridge the gap, leaving their endpoints exposed to an unprecedented threat landscape. Insecure internet connections, a lack of perimeter security, and the inability to implement effective security policies have made […]