Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SafeBreach

Original Attacks: SafeBreach Labs Discovers Previously Unknown Attack Methods

Researchers at SafeBreach Labs have recently discovered several novel attack methods which can circumvent common security controls and execute some jaw-dropping malicious actions including: SafeBreach threat researchers have successfully executed and verified each of these attack methods, however none have been used in the wild at this point.

SafeBreach and Recorded Future: Operationalizing Threat Intelligence with Breach and Attack Simulation

Modern enterprises have adopted more offensive measures to protect their organizations from evolving cyber threats. As a result, many security teams are looking to breach and attack simulation (BAS) and threat intelligence (TI) tools to enhance their programs and work more efficiently.

Voices from Validate: Bridging the Gap - Communicating Security Risk to the Board

SafeBreach recently held its second annual Validate Summit at The Star in Frisco, Texas, where SafeBreach customers, cybersecurity experts, and influencers explored how enterprises can stay ahead of risk and safeguard their critical business assets from inevitable cyberattacks by implementing proactive security practices. One hot topic was communicating security risk to the board.

Simplify Cyber Insurance (and Potentially Save Some Money) With Breach and Attack Simulation

Shifts in the threat landscape have caused cyber insurance providers to rethink how they offer and price their coverage. The result has been stricter underwriting requirements, more exclusions within coverage, and a dramatic increase in premiums. Tougher underwriting requirements have also put pressure on security and risk leaders to more thoroughly validate their security controls as enterprises are applying for, or renewing, their coverage.

Attack Surface Management (ASM) - What You Need to Know

In the ever-evolving realm of cybersecurity, it’s critical for businesses to stay ahead of the curve to ensure the safety of their sensitive data and infrastructure. By implementing proactive and continuous testing of the deployed security controls, teams can optimize their preparedness against advanced threats. It’s no surprise, then, that attack surface management has emerged as a potential solution.

Truebot Malware: SafeBreach Coverage for US-CERT Alert (AA23-187A)

On July 6th, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released an advisory highlighting the newly identifying Truebot malware variants. Truebot (also known as Silence Downloader) is a botnet that has been used by the CL0P ransomware gang to collect and exfiltrate stolen target victim information.

Cactus Ransomware, BlackSuit, and more: Hacker's Playbook Threat Coverage Round-up: June 29, 2023

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Cactus ransomware and BlackSuit ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

HiBob - Can You Please Share Customers' Data?

As part of our ongoing commitment to conducting original research and maintaining an up-to-date Hacker’s Playbook, the SafeBreach Labs team is dedicated to uncovering new threats. My recent research focused on searching for vulnerabilities and design issues in the API security domain in line with this objective. As a result, we discovered a security vulnerability in the popular HR information system (HRIS) platform called HiBob.

MOVEIt Vulnerability: A Painful Reminder That Threat Actors Aren't the Only Ones Responsible for a Data Breach

The MOVEIt data breach continues to impact a number of both private and government groups across the US and Europe by exposing confidential data. With breaches like this becoming increasingly common, it can be easy to blame advanced persistent threat (APT) groups and other malicious actors; however, there is a valuable lesson to learn from the MOVEit breach: it is essential to be proactive about these threats, Not doing so may lead to a breach.