AWS Cloud Migration Best Practices
To help ensure a smooth transition to AWS, we’ve outlined several best practices to follow during migration and the pre- and post-migration phases. While every organization’s migration is unique, these practices will help manage the most common challenges and increase your chances of achieving your desired outcome.
How to Perform a Cybersecurity Risk Assessment
A robust cybersecurity program relies on understanding the organization’s risk posture. In today’s digitally connected world, data breaches have become an issue of when an organization will experience one, not if it will happen. With that in mind, evaluating and measuring risk is critical to becoming cyber resilient. Knowing how to perform a risk assessment and understanding how it enables resiliency are mission-critical.
What You Need to Know About HITRUST Compliance
HITRUST is short for Health Information Trust Alliance. HITRUST compliance helps health organizations maintain compliance with HIPAA regulations.
3 Tips to Strengthen AWS Container Security
Enhance the security of your AWS container deployment for swift and reliable operations. Discover effective strategies to fortify AWS container security and ensure a robust deployment environment.
The Essential Steps of Cloud Migration Security
Unlock the full potential of your business with seamless cloud migration. Safeguard your transition with expert insights on ensuring the security of your new digital ecosystem. Explore the essentials of cloud migration security to empower your business transformation securely.
What is NIST Compliance?
Unlock the potential advantages of adhering to NIST standards for your business, irrespective of your involvement with federal agencies. Explore the impact of NIST compliance on organizational benefits in this insightful article.
Speed, Shakespeare Allow for Exploitation of Zero Days
This is a flavor of attackers who use remote code execution (RCE) exploits targeting Linux machines to upload crypto miners to vulnerable Linux systems.
APT Hides Among an Emerging Threat Land Grab
The ice cream blog series continues by documenting another activity cluster first observed in our dataset in 2019. This threat cluster has been well documented in the security community, with APT41, Lead, Wicked Panda, and Vanadinite demonstrating significant overlap in activity, making it likely that each represents activity involving the same threat group. We are grateful for the contributions of these and other threat researchers who have helped inform the security community’s understanding of this actor.
Explore Project Ice Cream Threat Activity Clusters
Human-led threat hunting is an integral part of our security analytics development, both to continuously improve coverage of the ever-expanding attack surface and to eliminate false positives. This approach enables us to catch the next occurrence as and when it happens. Over time we have developed a deep understanding of threat group activity clusters that has improved analysis time and informed comprehensive remediation plans.
Adversary Using Public Hosting Exploits Emerging Threats
The threat activity cluster Strawberry appears to favor two primary exploits for gaining entry onto a vulnerable machine: an Apache Solr remote code execution (RCE) vulnerability (CVE-2019-17558) and a Confluence OGNL exploit (CVE-2021-26084).
Sophisticated Adversary Capitalizes on Citrix ADC Servers
The threat activity cluster Mint with Sprinkles exploits Windows machines, following Mint’s earlier success in exploiting Linux machines running the Citrix Application Delivery Controller (ADC).
Cloud-Based Adversary Capitalizes on Confluence Servers
In the next edition of our ice cream activity cluster blog series, we’re shining the spotlight on another historic actor that undertook a significant remodeling of their tactics, techniques and procedures (TTPs) when they expanded their target scope to include Windows machines.