Author Ian Keller Posted on Categories CISO BlogTags , , , , , , ,   Leave a comment on Pygmy Goat: Don’t Let This “Cute” Critter Fool You

Pygmy Goat: Don’t Let This “Cute” Critter Fool You

Let me tell you something: these Pygmy Goats are the least cute things you’ll encounter this week. They’re not the cuddly farm animals your grandma keeps. No, these Pygmy Goats are cyber punks running amok in the digital world.

They’re targeting critical infrastructure, healthcare, and government agencies like they’re picking candy from a baby. And their weapon of choice? Exploiting vulnerabilities in RDP like it’s a game. It’s the same tired trick every other ransomware gang uses, but hey, if it works, right?

But here’s the real kicker: once they’re in, they encrypt your data and hold it hostage. It’s a digital extortion racket straight out of a cheesy heist movie. Don’t get me wrong, these Pygmy Goats are small, but they pack a punch.

Let me tell you something: these Pygmy Goats are the least cute things you’ll encounter this week. They’re not the cuddly farm animals your grandma keeps. No, these Pygmy Goats are cyber punks running amok in the digital world.

They’re targeting critical infrastructure, healthcare, and government agencies like they’re picking candy from a baby. And their weapon of choice? Exploiting vulnerabilities in RDP like it’s a game. It’s the same tired trick every other ransomware gang uses, but hey, if it works, right?

But here’s the real kicker: once they’re in, they encrypt your data and hold it hostage. It’s a digital extortion racket straight out of a cheesy heist movie. Don’t get me wrong, these Pygmy Goats are small, but they pack a punch.

Author Ian Keller Posted on Categories CISO BlogTags , , , , , ,   Leave a comment on Why are we getting hacked?

Why are we getting hacked?

Listen up, folks. I’m tired of seeing the same old headlines about data breaches. It’s like we’re playing a game of ‘Defend the Castle,’ and we’re using a cardboard sword against a dragon. It’s time to level up our security game.

Listen up, folks. I’m tired of seeing the same old headlines about data breaches. It’s like we’re playing a game of ‘Defend the Castle,’ and we’re using a cardboard sword against a dragon. It’s time to level up our security game.

Author Ian Keller Posted on Categories Threat ActorsTags , , , ,   Leave a comment on Sidewinder: A Comprehensive Look at the India-Linked APT Group

Sidewinder: A Comprehensive Look at the India-Linked APT Group

Sidewinder Cyber Threat Actor, also known as Razor Tiger, Rattlesnake, and T-APT-04, is a sophisticated, state-sponsored cyber-espionage group believed to originate from India. Active since at least 2012, it’s considered one of the oldest nation-state threat actors. While initially known for targeting military infrastructure in Pakistan, recent research reveals a broader range of targets across Asia, Africa, the Middle East, and Europe. This article explores Sidewinder’s typical attack chain, the newly discovered StealerBot malware, and the group’s evolving tactics

Sidewinder Cyber Threat Actor, also known as Razor Tiger, Rattlesnake, and T-APT-04, is a sophisticated, state-sponsored cyber-espionage group believed to originate from India. Active since at least 2012, it’s considered one of the oldest nation-state threat actors. While initially known for targeting military infrastructure in Pakistan, recent research reveals a broader range of targets across Asia, Africa, the Middle East, and Europe. This article explores Sidewinder’s typical attack chain, the newly discovered StealerBot malware, and the group’s evolving tactics

Author Ian Keller Posted on Categories CISO BlogTags , , , , ,   Leave a comment on The Password Era is Dying (Slowly)

The Password Era is Dying (Slowly)

The FIDO Alliance has been dropping some knowledge on the state of digital identity and security. And let’s be honest, it’s a mixed bag.

On the one hand, we’ve got the Credential Exchange Format (CXF), which is like a translator for your digital credentials. It helps your devices and apps talk to each other without getting lost in translation. This is a big deal because it means smoother transitions between platforms and less risk of data loss.

But on the other hand, we’ve got the FIDO Alliance Consumer Barometer 2024, which paints a picture of consumers who are still stuck in the past. Despite the rise of stronger authentication methods like biometrics and passkeys, passwords are still the king of the castle. It’s like people refusing to give up their flip phones when smartphones hit the scene.

The FIDO Alliance has been dropping some knowledge on the state of digital identity and security. And let’s be honest, it’s a mixed bag.

On the one hand, we’ve got the Credential Exchange Format (CXF), which is like a translator for your digital credentials. It helps your devices and apps talk to each other without getting lost in translation. This is a big deal because it means smoother transitions between platforms and less risk of data loss.

But on the other hand, we’ve got the FIDO Alliance Consumer Barometer 2024, which paints a picture of consumers who are still stuck in the past. Despite the rise of stronger authentication methods like biometrics and passkeys, passwords are still the king of the castle. It’s like people refusing to give up their flip phones when smartphones hit the scene.

Author Ian Keller Posted on Categories Threat ActorsTags , , , , , , , ,   Leave a comment on GoldenJackal: The Air-Gapped Assassin

GoldenJackal: The Air-Gapped Assassin

GoldenJackal the cybercriminal, who’s defying the laws (or is it paws) of physics and cybersecurity and like the furry hairball namesake is also expanding its territory. This sophisticated threat actor has managed to breach air-gapped networks not once, but twice, using two separate toolsets designed to infiltrate even the most isolated systems.

GoldenJackal the cybercriminal, who’s defying the laws (or is it paws) of physics and cybersecurity and like the furry hairball namesake is also expanding its territory. This sophisticated threat actor has managed to breach air-gapped networks not once, but twice, using two separate toolsets designed to infiltrate even the most isolated systems.

Author Ian Keller Posted on Categories CISO BlogTags , , , ,   Leave a comment on Marriott’s Massive Meltdown: A Tale of Neglect and Fallout

Marriott’s Massive Meltdown: A Tale of Neglect and Fallout

Marriott, the hotel giant that promised luxury and comfort, has instead delivered a nightmare of data breaches. Over the years, Marriott and its subsidiary, Starwood Hotels, have been a veritable buffet for hackers, leaving millions of customers’ personal information exposed.

The breaches were so egregious that Marriott has agreed to pay a hefty $52 million fine and implement stricter security measures. It’s like a slap on the wrist for a company that’s practically invited hackers to their digital party.

Marriott, the hotel giant that promised luxury and comfort, has instead delivered a nightmare of data breaches. Over the years, Marriott and its subsidiary, Starwood Hotels, have been a veritable buffet for hackers, leaving millions of customers’ personal information exposed.

The breaches were so egregious that Marriott has agreed to pay a hefty $52 million fine and implement stricter security measures. It’s like a slap on the wrist for a company that’s practically invited hackers to their digital party.

Author Ian Keller Posted on Categories CISO BlogTags , , , ,   Leave a comment on The State of SaaS: A Complex Landscape of Opportunity and Risk

The State of SaaS: A Complex Landscape of Opportunity and Risk

The 2024 State of SaaS Security Report highlights the dual nature of SaaS: revolutionizing work while introducing security vulnerabilities. Key issues include decentralized control, lack of visibility, and overlooked SSPM. Organizations should educate employees, establish clear rules, prioritize critical assets, and invest in strong SSPM solutions to mitigate these challenges.

The 2024 State of SaaS Security Report highlights the dual nature of SaaS: revolutionizing work while introducing security vulnerabilities. Key issues include decentralized control, lack of visibility, and overlooked SSPM. Organizations should educate employees, establish clear rules, prioritize critical assets, and invest in strong SSPM solutions to mitigate these challenges.

Author Ian Keller Posted on Categories CISO BlogTags , , ,   Leave a comment on Women in Cyber

Women in Cyber

Saudi Arabia is advancing women’s participation in cybersecurity, aligning with Vision 2030 goals. This initiative enhances digital security and promotes gender equality and economic empowerment. Mentorship programs aim to challenge gender biases, fostering inclusivity. The Kingdom’s strategic efforts, including the National Cybersecurity Authority, are pivotal in protecting its digital infrastructure amidst rapid modernization.

Saudi Arabia is advancing women’s participation in cybersecurity, aligning with Vision 2030 goals. This initiative enhances digital security and promotes gender equality and economic empowerment. Mentorship programs aim to challenge gender biases, fostering inclusivity. The Kingdom’s strategic efforts, including the National Cybersecurity Authority, are pivotal in protecting its digital infrastructure amidst rapid modernization.