A succinct summary The Top 250 MSSPs and associated survey respondents continue to expand more quickly than the managed security market as a whole. In fact, respondents to the survey anticipate that annual MSSP revenues will increase by 26% in 2022 compared to 2021, or nearly twice the market growth rate. MSSP growth is being… Continue reading A CyberRisk Alliance Resource, MSSP Alert – TOP 250 MSSPs Services Providers 2022 edition
Month: September 2022
Threat actors gained access to the personal data of tens of thousands of Revolut customers as a result of a cyberattack
Over the weekend, the financial technology company Revolut was the victim of a “highly targeted” cyberattack in which threat actors gained access to the personal data of 0.16% of its users (approximately 50,000 users).The business claims to have already spoken with the affected customers. A cyberattack on Revolut resulted in unauthorised access to the personal… Continue reading Threat actors gained access to the personal data of tens of thousands of Revolut customers as a result of a cyberattack
$3,500 for Starbucks Cofee Data with Name, Gender, DoB, Mobile No., Email and Address
The Straits Times discovered that 330,000 Singaporean Starbucks customers’ personal information had been compromised and sold on an online forum since September 10. On Friday, the coffee chain sent an email to the affected customers informing them of a data breach that had exposed their names, addresses, and email addresses. Upon being questioned about whether… Continue reading $3,500 for Starbucks Cofee Data with Name, Gender, DoB, Mobile No., Email and Address
BARK: A PowerShell script was created to aid the BloodHound Enterprise team in locating and regularly validating abuse primitives.
BloodHound Attack Research Kit is referred to as BARK. It is a PowerShell script created to help the BloodHound Enterprise team find and keep track of abuse primitives. At the moment, BARK is concentrated on Microsoft’s Azure family of goods and services. There are no external dependencies needed for BARK. The functions of BARK are… Continue reading BARK: A PowerShell script was created to aid the BloodHound Enterprise team in locating and regularly validating abuse primitives.
The Azure Threat Research Matrix is explained
It’s typical for the assessment team to cite the MITRE ATT&CK knowledge base when conducting an offensive security assessment so that high-level stakeholders can see visually which techniques were effective and administrators and defenders can comprehend the techniques used in order to correct or defend against them in the future. But there is no official… Continue reading The Azure Threat Research Matrix is explained
Beta Mobile Sub-Techniques, Structured Detections, and ICS Join the Band as ATT&CK Upgrades to Version 11
The most recent ATT&CK release is now available, and this time They have upgraded to version 11! There shouldn’t be any major surprises if you’ve been following their roadmap, but they wanted to take this opportunity to go over their most recent updates. A beta version of the sub-techniques for ATT&CK for Mobile and ATT&CK… Continue reading Beta Mobile Sub-Techniques, Structured Detections, and ICS Join the Band as ATT&CK Upgrades to Version 11
Uber employees believed the alleged teen hacker attack was a joke.
The world’s largest ride-hailing company, Uber, shut down a portion of its operations late on Thursday after learning that its internal systems had been compromised. According to the company, the attacker was able to socially engineer his way into a worker’s Slack account before making a deeper foray into the network. While the full scope… Continue reading Uber employees believed the alleged teen hacker attack was a joke.
Dufflebag
A tool called Dufflebag developed by dan-bishopfox Dan Petro and bmoar Ben Morris looks through open Elastic Block Storage (EBS) snapshots for information that might have been unintentionally left inside. The amount of passwords and secrets that are just lying around might surprise you! Due to the fact that reading EBS volumes in practice isn’t particularly simple,… Continue reading Dufflebag
Portuguese NATO documents discovered for sale online
The National Security Office is still determining the extent of the damage, but EMGFA, secret military, and MDN computers are suspected of being involved in the security lapse that made it possible for secret NATO documents to be exfiltrated. In order to receive and send classified documents, the General Staff of the Armed Forces has… Continue reading Portuguese NATO documents discovered for sale online
A significant data breach on the streaming service Brand New Tube exposed users’ names and IP addresses.
A significant security flaw has been discovered on BrandNewTube, a YouTube alternative that was founded in the UK.Several users who received an email that revealed their names, genders, emails, and IP addresses have gotten in touch with us.The email also specifically criticizes Mohammad Butt and Sonia Poulton for failing to take the appropriate action in… Continue reading A significant data breach on the streaming service Brand New Tube exposed users’ names and IP addresses.