April 2022


Are we sure that SOAR is at a crossroads?

I recently had the opportunity to discuss state-of-the-art technologies to support security operations with industry analysts. I asked questions and confirmed that the current view of SOAR (security orchestration, automation and response) and SIEM (security information and event management) goes well beyond the security operation center (SOC).


Targeted npm dependency confusion attack caught red-handed

In recent years, we’ve witnessed a constant increase in the number of malicious packages showing up in various ecosystems. Generally speaking, the vast majority of these packages are benign, as in, they collect information, but don’t do harm to the infected machine. Once in a while, however, we do encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one of them.


Stormous: The Pro-Russian, Clout-Hungry Ransomware Gang Targets the US and Ukraine

As part of our regular Dark Web and cybercriminal research, Trustwave SpiderLabs has uncovered and analyzed postings from a politically motivated, pro-Russian ransomware group named Stormous. The group has recently proclaimed support for Russia in its war with Ukraine, attacking the Ukraine Ministry of Foreign Affairs and allegedly obtaining and making public phone numbers, email addresses, and national identity cards.


Where to store your 1Password Emergency Kit

In case of emergency – that is, forgetting your login for 1Password, or someone else needing to get in – the 1Password Emergency Kit can truly save the day. This short and sweet document keeps all the necessary details for getting into your account in one place. But you shouldn’t need to break glass to retrieve it (which is a huge pain to clean up, not to mention dangerous). Here’s how to keep your Emergency Kit both safe and accessible.

Webinar: Elevating Your MSP Security Practice with a Unified Security Platform - 28 Apr 2022

You’re tired of struggling with disjointed security information, incomplete integrations, and too much time and energy spent with multiple security vendors. These aren’t minor headaches for a managed services business; they ultimately drain efficiency and profits, and many are considering vendor consolidation as the answer.

Ransomware costs show prevention is better than the cure

If your company is worried about the financial hit of paying a ransom to cybercriminals after a ransomware attack, wait until it finds out the true cost of a ransomware attack, because the total cost of recovering from the attack is likely to be much, much higher. That’s the finding of a new study by researchers at Check Point, who discovered that the average total cost of a ransomware attack is more than seven times higher than the average ransom paid.


On terminals and sessions

In this post I will be announcing a new open source project: Teleport Connect. It is a dedicated secure web browser for accessing cloud infrastructure. But first, let me explain why we've decided to build it, starting with a bit of historical context. As a kid I always enjoyed comparing the process of programming to having a conversation with a machine. The REPL loop is the most obvious example of this interaction. As our code grows, it no longer fits in a REPL environment.

What does XDR mean for your organization?

As one of the hottest new buzzwords in the infosec space, XDR means many things to many people. This talk will discuss all of the possible components of an XDR solution through the lens of SOC operations, laying out the pros and cons of various approaches such as SaaS vs on-premise, specialized vs general tooling, etc. for organizations of different size, funding, and maturity levels. Best practice suggestions will be provided throughout, from general principles to specific integration code.

Unify endpoint and network evidence

Unmanaged endpoints, vendor security appliances, cloud instances, and IoT devices often lack endpoint protection, creating hiding places that attackers exploit. Using Humio to correlate Falcon endpoint data with Corelight network evidence improves detection capabilities for all of your devices, and makes investigators and hunters faster.

4 Reasons Companies Are Adopting a Vendor Consolidation Strategy

According to Gartner, by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security service edge (SSE). We know that cybersecurity is a top priority for IT funding. Business owners and CISOs need to invest in security technologies in a way that will drive resilience and promote productivity among their – probably largely digital – businesses.