Being untraceable, untouchable, and ungovernable is a key part of the myth and mystique of ‘hackers’. Sure enough, the ability to hide has always been a central part of the hackers’ MO in both the physical and digital world. At Bulletproof, we’re no strangers to the insidious nature of hackers.

Major companies and services were hit by data breaches this week. Some of the breaches were caused by internal mistakes, others were the result of coordinated gang attacks, and some were issues with outside services. All the different attack types make it clear that no matter how you run your business, there are data risks you must look out for, and as a consumer, you have to be careful to monitor your credit and finances closely.

Attackers go through several stages to make an attack successful. And the last line in the defense system they aim to break is the command and control (C2). C2 attacks are a severe threat to organizations of all sizes and types because, if successful, adversaries can steal all your valuable data. To protect against these attacks, you should implement a security framework and robust policies, including technical and organizational measures.

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

Cloud privilege escalation is a growing concern for organizations as they embrace cloud-based infrastructure and services. To address the risks associated with privilege escalation, it's vital to implement robust security practices. In this post, we’ll cover privilege escalation as it relates to cloud security risk and the best practices for mitigation.

Cybersecurity has become a top priority for organizations across all industries and sizes. To safeguard their sensitive data and assets from the ever-evolving threats of cyberattacks and data breaches, businesses must take a proactive approach. Adherence to industry-specific cybersecurity regulations and frameworks is a critical component in building a robust and comprehensive cybersecurity program.

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.

OpenAI’s ChatGPT was forced to halt service for a few hours earlier this week in order to fix an issue in an open-source library. The vulnerability may have exposed some users’ payment data. The company published a blog post on March 24, 2023, explaining what lead to the data breach and why it was temporarily offline.