Interesting article from the NCSC regarding the targeting of SoHo devices by nation-state actors: https://lnkd.in/e4qnD7Pj This is an attack vector overlooked by many organisations but something we have seen exploited numerous times over the years (how many server rooms have you seen with a Synology/QNAP NAS for lab backups or a SoHo router for ADSL backup lines etc.). We go beyond the "rinse and repeat" threat models/security assessments to accurately understand your threat model from an attacker's standpoint: https://lnkd.in/enVssR7d #cybersecurity #state-sponsoredattacks #APT40
ThreatLight
Computer and Network Security
Dover, Delaware 358 followers
Protect What Matters Most
About us
ThreatLight provides proactive Cybersecurity solutions to protect organizations from advanced threats. Utilizing AI-driven technology and deep real-world expertise, we offer comprehensive services, from preemptive defenses through to rapid Incident Response and post-breach recovery. Our mission is to enhance resilience and secure business operations globally. Our AI and ML-powered Targeted Detection and Response platform safeguards business continuity and critical assets. Our global team ensures swift, efficient responses to minimize disruptions. Committed to effective cybersecurity, we focus on delivering measurable benefits that strengthen your business and annually reduce the attack surface. For more information visit ThreatLight.com
- Website: https://www.threatlight.com
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Headquarters: Dover, Delaware
- Type: Privately Held
- Founded: 2024
- Specialties: Compromise Assessment, Cyber Resilience Consultancy, Targeted Detection and Response (TDR), CyberSecurity Due Diligence, Post-Breach Recovery Consulting, Cybersecurity Training & TableTop Exercises, Custom Security Program Development, Red Team, Incident Response, Critical Infrastructure Platform, Computer Forensics, Threat Hunting, and Post Breach Recovery Consulting
Locations
- Dover, Delaware, US (Primary)
- Tokyo, JP
- London, GB
Updates
-
The recent cyberattack on Kadokawa Group, as reported by Kadokawa Corporation itself and across the Japanese media, highlights the critical need for robust cybersecurity measures to protect essential assets. This incident underscores the significant risk to critical business infrastructure, emphasizing the urgent requirement for enhanced cyber resilience. The Kadokawa Group incident is a stark reminder of the importance of timeliness and speed in cybersecurity. Swift and effective incident response is crucial to minimizing damage and restoring operations. ThreatLight’s solutions are designed to ensure that our clients can respond rapidly and efficiently to a cyber threat, safeguarding their critical assets and maintaining operational continuity. Our AI-driven technology and real-world expertise enable us to offer comprehensive services, from preemptive defenses to post-breach recovery. More importantly for this case, a next-generation Incident Response strategy that operates at unmatched speed makes a dramatic difference in the outcome, level of damage and time to recover. For more details on the incident and its implications, you can read the article on Asahi Shimbun: https://lnkd.in/eacUunVt Link to the press release in comments #CyberAttack #Ransomware #KadokawaBreach #DataBreach #CyberSecurity #CriticalInfrastructure #IncidentResponse #BusinessContinuity
More Kadokawa data leaked as deadline for ransom passes | The Asahi Shimbun: Breaking News, Japan News and Analysis
asahi.com
-
This is the most serious SSH vulnerability we’ve seen in a while: https://lnkd.in/edQPE4Pp. The exploit allows Remote Code Execution without user interaction and Proof of Concept code is already readily available online. That said, before everyone rushes to learn if they are vulnerable, exploitation of a Race Condition is extremely hit and miss and many customers likely have far more easily exploitable vulnerabilities exposed. Get a better understanding of what your environment looks like from an attacker's perspective and ensure you are protected from real-world threats: https://lnkd.in/enVssR7d #regreSSHion #CyberSecurity #SSH #SoftwareSecurity #Vulnerability #InfoSec #SecurityUpdate #DevSecOps #CVE #NetworkSecurity
OpenSSH Vulnerability: CVE-2024-6387 FAQs and Resources | Qualys, Inc.
qualys.com
-
The TeamViewer breach will be interesting to watch as it unfolds: https://lnkd.in/gCazkahy TeamViewer continues to be favoured by attackers for maintaining access post-exploitation but we often find the free version installed in many customer environments as a workaround by well-meaning IT staff without the risk owner's approval. TeamViewer and many others often inadvertently provide direct access to the core of your environment, bypassing all security controls. Take a Cyber Compromise Assessment to understand what other Remote Access Tools are lurking in your environment: https://lnkd.in/enVssR7d #CyberSecurity #TeamViewer #SecurityBreach #ExpertResponse
-
If the Lockbit Ransom of the US Federal Reserve turns out to be true, this could have interesting ramifications for US policy on Ransomware moving forward. Our time dealing with Lockbit over the years has shown that those 33TB will contain a whole lot more than Personally Identifiable Information (which in itself would be a breach on an enormous scale): https://lnkd.in/ex9XBpdd #CyberSecurity #DataBreach #Ransomware #Lockbit #FederalReserve #InfoSec #DataProtection #CyberAttack #ThreatIntelligence #CyberAwareness
Deadline looms for alleged LockBit extortion of Feds over 33TB of data
scmagazine.com
-
The industry is rushing towards allowing AI to automatically make decisions around protecting customer environments, meanwhile it’s struggling with physical bacon bits: https://lnkd.in/ed5SkS33 Should we take a step back and master breakfast before breaches? 🫠 #firstnuggetsthentheworld #AI #notlovinit #cybersecurity #chatgpt
McDonalds removes AI drive-throughs after order errors
bbc.com
-
Potentially serious Microsoft WiFi vulnerability affecting all OS versions once exploit code is in the wild: https://lnkd.in/ePbm_THw This potentially allows Remote Code Authentication with zero input from the targeted user/endpoint. What is more worrying is that although all of the coverage so far lists the vulnerability as being an exploitation of the input validation of the WiFi stack and that local proximity is required, Microsoft’s own bulletin states (you have to dig down): “This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN to an administrative network zone)” Which implies this vulnerability could be far further reaching than the weekend media suggests. Further updates to follow but in the meantime please patch! If you are concerned how this vulnerability or any other may have affected your organisation, we’re waiting to help: https://lnkd.in/eRqvpntU #CyberSecurity #PatchTuesday #WiFi
Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com
-
Microsoft have decided to delay the release of Recall amid security concerns. As security professionals, we sincerely hope this massively intrusive feature has some serious rework (and is disabled by default) before being launched. Please leave the key logging to the professionals 🫣 https://lnkd.in/eHUWVEnx #cybersecurity #dataprotection #privacy #hacking
Microsoft to delay release of Recall AI feature on security concerns
reuters.com
-
It's VPN Wednesday! State-sponsored threat actors from China breach 20,000 Fortinet FortiGate systems globally, exploiting a critical security flaw. This highlights the importance of staying vigilant against evolving cyber threats and looking beyond the endpoint: https://lnkd.in/eZa8pRCp #CyberSecurity #ThreatActor #FortiGate #ChinaHacker
China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says
arstechnica.com
-
It’s a rare occasion to get a decryption key during an investigation these days; however, the FBI now have over 7,000 decryption keys for LockBit ransomware victims to reclaim their data for free. If you think you've been affected, visit ic3.gov now. #cybersecurity #FBI #LockBit Read more:
Protect one another.
ic3.gov