Blog

Using cyber deception to catch entrenched attackers

When we talk about deception, we usually talk about detecting and preventing an attacker from executing lateral movement and accessing organizational assets. This post discusses using deception to actively catch an attacker who’s already deeply and comfortably entrenched in the network, and is a primer to our soon-to-be-released whitepaper on the same subject. What’s different …

Using cyber deception to catch entrenched attackersRead More »

Cryptocurrency deception: Don’t trust that wallet!

Since cryptocurrency, blockchain, and smart contracts have been in the news quite a bit recently, we thought we’d go ahead and add another buzzword to the combo by working deception into it! Organizations doing ICO are being targeted, and any organization dealing with cryptocurrency now has a new attack surface and risk area to consider. A strong need …

Cryptocurrency deception: Don’t trust that wallet!Read More »

Deception and the SingHealth breach: the anatomy of an attack that could have been prevented

Personal data of 1.5 million SingHealth patients has been compromised in what is being described as Singapore’s worst data breach to this day. According to analysis of the SingHealth breach by multiple sources, including the Cyber Security Agency of Singapore, the attack was a sophisticated one. The attackers are said to have had a high …

Deception and the SingHealth breach: the anatomy of an attack that could have been preventedRead More »

General Data Protection Regulation and Deception Solutions

The GDPR is the European Union’s General Data Protection Regulation. Its main objective is to protect EU residents’ data privacy, by homogenizing data privacy laws across Europe and changing the way organizations around the world approach data privacy for EU residents. Since the GDPR came into effect on 25 May 2018, it is more important …

General Data Protection Regulation and Deception SolutionsRead More »

Anne Arundel County: The Cyber Security Capital of the Free World?

Update:  I wrote a blog that was published back on March 30, 2017, entitled Cyber Education: Why Not Start Early? My point was how shocked and disappointed I was that there was no cybersecurity program in the Anne Arundel County Public School System here in Maryland.   Anne Arundel County is the cybersecurity capital of the free world. It …

Anne Arundel County: The Cyber Security Capital of the Free World?Read More »

Cymmetria releases honeypot for Cisco ASA vulnerability (CVE-2018-0101)

Cymmetria has just released a honeypot for the detection of the Cisco ASA vulnerability that was recently made public: CVE-2018-0101 (Score: 10) Vulnerable: Cisco ASA 5500, ASA 5500-X The honeypot will detect exploitation attempts against SSL VPN and will capture data sent to an IKE listener that now holds the suspicious payload   The honeypot …

Cymmetria releases honeypot for Cisco ASA vulnerability (CVE-2018-0101)Read More »

Scroll to Top