threat intelligence Vetting Threat Intelligence If your organization has ever gotten an alert for “facebook.com” because someone didn’t vet indicators of compromise properly somewhere along the chain between threat intelligence generation by a third-party and consumption by your security infrastructure, you’re not alone. Facebook might be an extreme example, but it’s
passwords Your Password Policy Doesn't Work Your employer’s password policies are stupid and you know it. If for some reason you love your employer’s password policies, then hopefully you will be disappointed by the end of this post, but first let me clarify which password policies I’m talking about. > Bad Password Policy – a
malware Should You Pay Hacker Ransom? If you haven’t heard by now, Uber paid hackers [https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data] $100,000 in ransom last year in exchange for deleting the stolen personal information of 57 million victims. Hackers have also been know to demand ransom for DDoS attacks [https://www.bleepingcomputer.
threat intelligence What is Threat Intelligence? A quick Google search suggests that a consensus has not quite been reached on defining the term “cyber threat intelligence.” There are some blog posts (yep, this one too) and even white papers attempting to assign some specifics or even trying to define threat intelligence by defining what it isn’
