November 29, 2021
Now that the dust has settled around CVE-2021-34527, also known as PrintNightmare, we thought we’d use it as an example of how DeepSurface can reprioritize even the highest priority vulnerabilities, saving you and your patch team hours of effort. For this blog post, you don’t need to know anything about PrintNightmare other than it was nearly ubiquitous, there are dozens of exploits in the wild, and that it’s fairly easy to remediate.
November 16, 2021
We’re excited to announce the general availability of DeepSurface Risk Analyzer v2.6! There are a ton of changes under the hood, but we wanted to let you know about a few key improvements.
October 27, 2021
We’re familiar with red teaming and blue teaming, but have you heard about purple teaming? This blog dives into facts you may not be aware of around this new team construct meant to foster collaboration between red and blue teams for a stronger cybersecurity practice.
October 21, 2021
ESG has just released the key findings of its cybersecurity hygiene and posture management survey, and in a poll of 400 cybersecurity professionals in North American enterprises, the number one action respondents said would improve cybersecurity hygiene? You guessed it: continuous security control validation.
October 15, 2021
Recently, AttackIQ was notified that an Iranian threat actor had created a fake domain and fraudulent website (attackiq[.]ir) impersonating AttackIQ and abusing the company brand. This blog is an account of what happened and how AttackIQ responded, and it aims to provide insights to help organizations prepare to deal with similar Brand Reputation Abuse situations.
October 6, 2021
The rapid growth in our company isn’t just because we have the best platform for breach and attack simulation (we do). It’s because no other company is as invested as we are in helping you build a threat-informed defense practice that delivers measurable results.
October 4, 2021
To echo a famous Russian proverb, “trust but verify,” it’s not enough to implement a zero trust architecture. Continuous testing is the only way to achieve real cybersecurity readiness.
September 30, 2021
As organizations react to constantly changing and challenging situations today, they need to be confident they can still meet their business objectives while controlling risk.
September 28, 2021
Firefox is vulnerable to local privilege escalation (LPE) attacks under certain conditions on Windows platforms. This would allow an attacker to perform a local privilege escalation attack against Firefox users using the same Windows system. Through our responsible disclosure program Mozilla was contacted, and full technical details were provided, but has ultimately chosen not to fix this vulnerability.
September 23, 2021
Although ransomware can have devastating effects regardless of which industry vertical an organisation is part of, the healthcare industry has particularly paid a heavy price in recent times.
September 22, 2021
A landmark innovation from MITRE Engenuity’s Center for Threat-Informed Defense maps cloud security controls in AWS and Azure to MITRE ATT&CK®, elevating cybersecurity effectiveness.