Rubrik Leaks Massive Database Of Client Data

A server security lapse has exposed a massive database of customer information belonging to Rubrik, an IT security and cloud data management giant.  The exposed server wasn’t protected with a password, allowing access to anyone who knew where to find the server.

Head of Android Security Says Locking Out Law Enforcement Is an ‘Unintended Side Effect’

In 2016, the FBI asked Apple to help the law enforcement agency get into the iPhone of the alleged terrorist who killed 14 people in San Bernardino with a malicious update, but the company said it couldn’t because it was an unreasonable request that would undermine the security of all iPhone users. Apple’s position helped solidify its image as a company that values security, and the iPhone as a more secure device than various Android phones.

CISA Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: January 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below:

Step 4. Set conditional access policies: top 10 actions to secure your environment

The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 4. Set conditional access policies,” you’ll learn how to control access to your apps and corporate resources using conditional access policies, and how these policies can block legacy authentication methods and control access to SaaS apps.

Wagner Mercenaries With GRU-issued Passports: Validating SBU’s Allegation

At a Monday press conference in Kyiv, Ukraine, the Ukrainian Security Agency (SBU) announced that it had intercepted passenger manifests from Russian MoD-chartered airliners transporting mercenaries working for Wagner, a Russian private military company (PMC). The manifests, involving flights from Russia to several African and Middle-East destinations in the latter half of 2018, allegedly transported a total of 1012 mercenaries to Sudan, CAR and other African destinations.

Verity Healthcare Suffers Multiple Phishing Attacks

Our Counterintelligence Team gathers information and conducts operations to identify threats to an organization so that they can better protect against malicious activity. We accomplish this by combining technology with skilled and experienced intelligence specialists. Our goal is to protect your data, your brand and your people.

Webinar: Using MITRE ATT&CK(TM) for Coverage and Effectiveness Assessments

JOIN TRUSTEDSEC ON February 13th, 2019, AT 1:00 PM EST

What is the MITRE ATT&CK(TM) Framework?

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CKTM) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” It is fast becoming the go-to model for known cyber adversary behavior, reflecting the phases of the attack lifecycle as well as commonly targeted platform.

MS-ISAC Releases Advisory on DNS Flag Day

Original release date: January 30, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms Protocol for DNS (EDNS). While the updates will improve DNS operations, some domains served by DNS servers operating out-of-date software may become unavailable.

NCCIC Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: January 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below:

Webinar: Using MITRE ATT&CK for Coverage and Effectiveness Assessments

JOIN TRUSTEDSEC ON February 13th, 2019, AT 1:00 PM EST

What is the MITRE ATT&CK(TM) Framework?

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CKTM) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” It is fast becoming the go-to model for known cyber adversary behavior, reflecting the phases of the attack lifecycle as well as commonly targeted platform.