GDPR Compliance Audit: 5 Critical Areas You Can't Overlook
GDPR compliance, GDPR compliance checklist, GDPR audit preparation, Data privacy regulations, GDPR audit mistakes, GDPR compliance services, Data protection best practices, How to prepare for a GDPR audit, GDPR data mapping guide, Records of processing activities, GDPR security measures.
Posted on Apr 17 / 2025
Understanding PCI DSS Compliance: Penetration Testing, Quarterly Scanning, QSA, and SAQ Guidance
Learn the essentials of PCI DSS compliance, including penetration testing, quarterly vulnerability scanning, and the role of QSAs and SAQs. Stay ahead of cyber threats and ensure secure payment transactions. Contact Echelon Risk + Cyber to streamline your compliance strategy.
Posted on Apr 15 / 2025
Networking and Giving Back: Brayden's Keys to Career Success
Discover Brayden's journey from Minecraft modder to Cybersecurity Consultant at Echelon. Learn how passion, mentorship, and human connection fueled his success in the cybersecurity world.
Posted on Apr 15 / 2025
Cyber Intelligence Weekly (April 13, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: The Rise of the Smishing Triad: How Phishers Turned Apple Pay into a Global Fraud Scheme, 1.6 Million Affected in Cyberattack on Lab Partner for Planned Parenthood, Attackers Mimic Legitimate Devices to Bypass MFA and Steal Millions
Posted on Apr 13 / 2025
Ensuring SOX Compliance in IT and Security
Ensure your organization's IT and security program meets SOX compliance requirements. Learn how to implement access control, data protection, third-party risk management, backups, and monitoring to comply with Section 404 of the Sarbanes-Oxley Act and protect financial data.
Posted on Apr 09 / 2025
Cyber Intelligence Weekly (April 6, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: CISA Rings Alarm Over Active Exploitation of Ivanti Gateways, CISA and FBI Warn of DNS Evasion Technique in Use by Nation-State Hackers, Expert Witness Under Fire: FBI Investigates Forensic Consultant in 2,000+ Cases
Posted on Apr 06 / 2025
AI Governance: Top 10 Considerations for 2025
Explore the top 10 key considerations for AI governance in 2025, including ethical frameworks, regulatory compliance, data quality, risk management, and international collaboration. Learn how effective governance ensures responsible AI development, transparency, security, sustainability, and public engagement.
Posted on Apr 02 / 2025
The State of Cybersecurity in Healthcare 2025: Insights from Echelon Experts
This article explores the biggest cybersecurity challenges in healthcare for 2025, including IoMT device vulnerabilities, HIPAA Security Rule updates, and governance best practices. Learn how healthcare organizations can strengthen their security posture and protect patient data.
Posted on Apr 01 / 2025
From Deal to Defense: A Post-Acquisition Cybersecurity Whitepaper
Ensure a smooth post-acquisition cybersecurity transition with our 6-month integration plan. Download our expert whitepaper for a step-by-step roadmap today.
Posted on Mar 31 / 2025
Kelsey Cunningham of Echelon Risk + Cyber Named Rising Star by Consulting Magazine
Echelon Risk + Cyber, a leading provider of cybersecurity services, is proud to announce that Cybersecurity Manager Kelsey Cunningham has been honored as one of Consulting Magazine’s 2025 Rising Stars of the Profession. Kelsey was recognized in the category of Excellence in Leadership, highlighting her exceptional leadership, innovation, and impactful contributions within the cybersecurity consulting industry.
Posted on Mar 27 / 2025
Phishing Prevention Tactics to Keep Your Organization Secure
Protect your organization from phishing attacks with proactive cybersecurity strategies. Learn how phishing awareness training, reporting protocols, and email security measures can safeguard sensitive data.
Posted on Mar 26 / 2025
Cyber Intelligence Weekly (March 23, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Silent Commits, Big Impact: How a GitHub Action Was Hijacked, Shadows in the Network: Chinese-Linked APT Targets Taiwan’s Infrastructure, ZDI-CAN-25373: How Nation-State Hackers Weaponize Windows Shortcuts
Posted on Mar 23 / 2025
Cyber Threat Alert: Abusing AZUREADSSOACC for Pivoting from On-Premises Active Directory to Azure
Learn how threat actors exploit AZUREADSSOACC to pivot from on-premises Active Directory to Azure. Get actionable defenses to secure your hybrid identity environment.
Posted on Mar 19 / 2025
Top 10 Considerations for PCI in 2025
Stay ahead of PCI DSS 4.0 compliance requirements with Echelon Risk + Cyber. Our PCI DSS Readiness Assessments help identify gaps, streamline remediation, and ensure a smooth audit process.
Posted on Mar 19 / 2025
Understanding SOC 2 Compliance: A Comprehensive Overview
Learn about SOC 2 compliance, including Type 1 vs. Type 2, Trust Services Criteria, key compliance steps, and how GRC software can streamline your audit process.
Posted on Mar 18 / 2025
Cyber Intelligence Weekly (March 16, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Cybercriminals Impersonate Booking.com in Phishing Scam Targeting the Hospitality Industry, Medusa Ransomware Strikes Over 300 Critical Infrastructure Organizations in the U.S., SuperBlack Ransomware Exploits Fortinet Flaws to Breach Critical Systems
Posted on Mar 16 / 2025
Breaking Barriers: How Alyson Pisarcik Carved Her Own Path in Cybersecurity Consulting
This month, we’re featuring Alyson Pisarcik, Cybersecurity Manager for Risk Advisory and GRC services at Echelon, whose journey into cyber started with a leap of faith and a passion for solving complex problems. From overcoming imposter syndrome to taking control of her own career trajectory, Alyson shares how she navigated an industry that’s always evolving and how she’s using her experience to help others break into the field.
Posted on Mar 14 / 2025
How Montauk Renewables Slashed Cyber Risk by 90%—And How You Can Too
Montauk Renewables reduced critical vulnerabilities by 90% with Echelon’s vCISO and Security Team as a Service. Through a structured 12-month cybersecurity roadmap, we helped Montauk enhance IT-OT security, meet SEC compliance, and shift from reactive firefighting to strategic cybersecurity execution. Download the full case study to see how we transformed their security posture.
Posted on Mar 14 / 2025
On-Demand: Mastering Incident Response: Preparing, Planning, and Simulating Cybersecurity Success
Presented by Echelon Risk + Cyber’s CEO Dan Desko and Josh Fleming, Senior Manager for Risk Advisory Services, this immersive session will focus on strengthening your organization’s IR capabilities. Learn to develop robust IR plans, create actionable playbooks, and execute impactful tabletop exercises to ensure your team is prepared for any cybersecurity challenge
Posted on Mar 12 / 2025
Managed Firewall Services: Enhancing Security and Simplifying Operations
Discover how Managed Firewall Services enhance cybersecurity, reduce complexity, and ensure compliance with 24/7 expert management and proactive threat prevention.
Posted on Mar 11 / 2025
Cyber Intelligence Weekly (March 9, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: U.S. Charges 12 Chinese Nationals in Massive Cyber Espionage Operation, Millions of Android Devices Infected with Hidden Backdoor for Cybercrime, Texas Border City Declares State of Emergency Following Cyberattack
Posted on Mar 09 / 2025
Empowered Voices: Advice from Women at Echelon on Career, Balance, and Growth
At Echelon, our people are at the heart of everything we do. Read inspiring career advice from the women of Echelon as they share insights on leadership, work-life balance, and personal growth.
Posted on Mar 08 / 2025
Zero Trust in Identity and Access Management: Best Practices, Challenges, and How to Get Started
Learn how Zero Trust enhances Identity and Access Management (IAM) with best practices, real-world challenges, and practical steps for a seamless implementation. Secure your organization with Echelon's expertise.
Posted on Mar 05 / 2025
Cyber Threat Alert: Sophisticated Social Engineering Attacks Leverage Legitimate Microsoft Tools and Services to Deploy Ransomware
Discover how sophisticated social engineering attacks are leveraging legitimate Microsoft tools and services to deploy ransomware. Learn about recent phishing campaigns, Microsoft Teams vishing and effective cybersecurity measures to protect your organization.
Posted on Mar 04 / 2025
Cyber Intelligence Weekly (March 2, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: UK Healthcare Provider HCRG Care Group Suffers Massive Data Breach, U.S. Soldier Faces Charges for AT&T Hack and Attempted Defection, Palo Alto Networks Warns of Active Exploitation of Firewall Vulnerabilities
Posted on Mar 02 / 2025
Cyber Intelligence Weekly (February 23, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Bybit Hacked: $1.4 Billion in Ethereum Stolen in Massive Cyber Heist”, Apple Pulls Advanced Data Protection in the UK Amid Government Encryption Demands, FBI and CISA Issue Warning on Ghost (Cring) Ransomware Surge
Posted on Feb 23 / 2025
From Help Desk to Cybersecurity Expert: A Journey into Offensive Security
In this interview, Devin Jones, Principal Offensive Security Consultant at Echelon, offers valuable insights into his cybersecurity journey. He highlights the challenges and rewards of his dynamic role, the key lessons he's learned along the way, and the advice that has shaped his approach to both work and life.
Posted on Feb 19 / 2025
Exploiting the Active Directory Machine Account Quota (MAQ): RBCD, Privilege Escalation, and Backdoor Account Creation
Learn about Machine Account Quota (MAQ) attacks in Active Directory, where attackers exploit machine account creation and misconfigurations to escalate privileges, maintain persistence, and perform Resource-Based Constrained Delegation (RBCD). This article covers techniques such as manipulating delegation permissions and crafting Kerberos tickets to gain unauthorized domain access, including practical examples and tools for detecting and mitigating these threats.
Posted on Feb 19 / 2025
The Security Paradox: Flaws in DeepSeek Expose Industry-Wide AI Safety Challenges
DeepSeek R1’s security flaws highlight critical AI safety risks, from data exposure to adversarial attacks. Learn how vulnerabilities in open-source AI models compromise cybersecurity and what mitigation strategies organizations should adopt.
Posted on Feb 13 / 2025
On-Demand: Prioritizing Cloud Security: Uncovering Hidden Risks & Strengthening Your Defenses
Organizations face increasing challenges in securing their cloud environments, including unique risk, limited visibility and expertise, and a rising threat landscape. We’ll explore the key risks that make cloud environments unique, the value of structured assessments, and actionable steps to enhance your security posture while aligning with industry standards and compliance requirements.
Posted on Feb 12 / 2025
Cyber Intelligence Weekly (February 9, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Ransomware Payments Decline Despite a Year of Devastating Cyberattacks, UK Demands Apple Create Global Backdoor to Encrypted Cloud Storage, Russian Hackers Suspected of Compromising UK Prime Minister’s Email
Posted on Feb 09 / 2025
Cybersecurity Strategies for High-Growth Software Startups
Discover how Echelon's vCISO services can help high-growth software startups overcome cybersecurity challenges. Build scalable strategies to protect customer data, meet compliance, and stay ahead of threats without slowing innovation. Learn more today!
Posted on Feb 05 / 2025
Cyber Intelligence Weekly (February 2, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Jailbreak Techniques Successfully Bypass DeepSeek AI Security Measures, Foreign Hackers Exploit U.S. AI Tools to Enhance Cyberattacks, Backdoor Found in Patient Monitors Used in U.S. Hospitals
Posted on Feb 02 / 2025
On-Demand: Mastering Third-Party Risk Management: Strategies and Tools for Success
Relying more on external vendors makes understanding and mitigating third-party risks crucial. Get a comprehensive overview of Third-Party Risk Management (TPRM), emphasizing CIS Control 15 and practical risk management strategies.
Join us as Paul Interval, Director of vCISO Advisory Services and Shir Butbul, GRC Manager, from Echelon Risk + Cyber, share real-world examples, case studies, and actionable advice to help you identify, assess, and manage third-party risks effectively
Posted on Jan 29 / 2025
Mastering Cybersecurity Tabletop Exercises: Building a Strong Cyber Response Team for Success
Master the art of cybersecurity tabletop exercises with best practices for incident response. Learn how to plan scenarios, engage teams, and build a stronger cyber response strategy.
Posted on Jan 29 / 2025
Cyber Intelligence Weekly (January 26, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Massive PowerSchool Data Breach Exposes Personal Records of Millions of Students and Teachers, UnitedHealth Confirms Record-Breaking Data Breach Affecting 190 Million Americans, Security Vulnerability in Subaru's STARLINK System Exposed Customer Data and Vehicle Control Risks
Posted on Jan 26 / 2025
Fortify Your Business with Echelon’s Next-Generation Managed Defensive Security Services
Explore Echelon Risk + Cyber's Managed Defensive Security Services, a comprehensive suite protecting your organization with expert-led solutions for Microsoft 365, cloud security, threat management, and firewalls. Download checklists and capabilities overview briefs to strengthen your defenses.
Posted on Jan 23 / 2025
Cyber Intelligence Weekly (January 19, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Hackers Exploit Amazon S3 Buckets Using Encryption Tools in Ransom Scheme, U.S. Treasury Sanctions Chinese Entities for Salt Typhoon Cyberattacks, U.S. Removes Malware Linked to Chinese Hackers in Global Operation
Posted on Jan 19 / 2025
From Gaming to Cybersecurity: A Consultant’s Journey to Securing Systems
Discover the journey of Michael Pettet, Senior Cybersecurity Consultant at Echelon, from self-taught beginnings to becoming a trusted expert in penetration testing and privacy advocacy. Gain insights into the challenges, rewards, and tools of the trade in this insider look at a cybersecurity career.
Posted on Jan 14 / 2025
Cyber Intelligence Weekly (January 12, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Apple Settles Siri Privacy Lawsuit for $95 Million, Over 4,000 Backdoors Neutralized Through Expired Domain Registration, New York Takes Action Against $2 Million Cryptocurrency Scam Exploiting Remote Job Seeker
Posted on Jan 12 / 2025
Proposed Enhancements to HIPAA Security Rule: Strengthening Cybersecurity in Healthcare
Explore the proposed enhancements to the HIPAA Security Rule by HHS, designed to strengthen cybersecurity in healthcare. Learn how Echelon's incident response planning and tabletop exercises help organizations comply while improving resilience against cyber threats.
Posted on Jan 08 / 2025
Cyber Intelligence Weekly (January 5, 2025): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: US Treasury Department Breach Highlights Vulnerabilities in Remote Access Software, HHS Proposes Significant Updates to HIPAA Security Rule to Bolster Cybersecurity, U.S. Army Specialist Indicted in Telecom Hacking Scandal
Posted on Jan 05 / 2025
2024's Must-Read: Top 5 Cybersecurity Articles You Can't Miss
We’re excited to share the 5 most-read articles of the year. These articles stand out for their relevance, depth, and impact on the ongoing cybersecurity dialogue. Whether you’re a seasoned pro or just starting to dive into the world of cybersecurity, these pieces offer valuable perspectives on the challenges and solutions facing today’s digital landscape.
Posted on Dec 18 / 2024
From Nursing to Networks: Zach Cambre’s Leadership Journey in Cybersecurity
In this interview, Zach Cambre, Risk Advisory Cybersecurity Manager at Echelon, shares his unique journey into cybersecurity and what drives his success. With a background in nursing and a growing interest in technology, Zach has thrived in the fast-paced world of cybersecurity consulting. He talks about how the variety of his work keeps him engaged, the importance of tackling challenges one step at a time, and the value of mentorship. Read on to learn more about Zach’s inspiring career and the insights he’s gained along the way.
Posted on Dec 17 / 2024
Cyber Intelligence Weekly (December 15, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Cleo Zero-Day Vulnerability Exploited in Widespread Attacks, DOJ Indicts 14 North Koreans for $88 Million Fraud Scheme Targeting U.S. Companies, SEC Cyber Disclosure Rules: A Year Later, Progress and Pitfalls
Posted on Dec 15 / 2024
Protecting K-12 Schools: Tackling Top Cyber Risks with FCC's $200M Cybersecurity Pilot Program
Earlier this year, the Federal Communications Commission (FCC) announced $200 million worth of cybersecurity grants will be distributed to eligible K-12 schools as part of the Cybersecurity Pilot Program. So, what are the biggest cyber risks to schools, and how can schools mitigate them in the most cost-efficient way?
Posted on Dec 11 / 2024
Cyber Intelligence Weekly (December 8, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Operation Destabilize Unravels Crypto Money Laundering Networks, British Telecom Giant BT Group Confirms Cyberattack Attempt by Black Basta Ransomware, Cyber Force Proposal Scaled Back in 2025 Defense Bill
Posted on Dec 08 / 2024
Roundtable: Beyond Checkboxes - Navigating Compliance and Security
Explore the crucial differences between compliance and security in this insightful roundtable with Echelon’s Paul Interval and A-LIGN’s Blaise Wabo. Learn how to move beyond checkboxes, address risks, and implement forward-thinking strategies to protect your organization.
Posted on Dec 05 / 2024
Cybersecurity Trends and Predictions for 2025: Expert Insights to Stay Ahead
Discover the key cybersecurity predictions for 2025 as industry experts explore the transformative role of AI, the critical importance of employee training, navigating compliance challenges, and strategies to counter evolving threats like ransomware and social engineering.
Posted on Dec 04 / 2024
Cyber Intelligence Weekly (December 1, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Blue Yonder Ransomware Incident Wreaks Havoc on U.K. and U.S. Retailers, U.S. Soldier Suspected as Hacker Behind Snowflake Extortions, Chinese Hackers Breach T-Mobile Routers in Targeted Telecom Attack
Posted on Dec 01 / 2024
Cyber Intelligence Weekly (November 24, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Microsoft's AI-Powered Recall Feature Now Available for Windows Insiders, Russian Hackers Exploit Wi-Fi in Innovative ‘Nearest Neighbor Attack', UK Drinking Water Supplies Impacted by Surge in Cyber Incidents
Posted on Nov 24 / 2024
New PAN-OS Vulnerability Exposed: Steps to Defend Your Network
Learn more about the critical vulnerability found recently in the PAN-OS management interface by the CISA.
Posted on Nov 21 / 2024
Hacking Boundaries: Travis’s Journey of Innovation, Leadership, and Cybersecurity Excellence
Discover Travis Weathers's inspiring journey from military service to Senior Director of Offensive Security at Echelon. From a surprising start in ethical hacking to becoming a leader in the cybersecurity field, TW’s story is one of determination, growth, and a passion for protecting both organizations and individuals.
Posted on Nov 20 / 2024
Cyber Intelligence Weekly (November 17, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Canadian Man Arrested in Connection with Snowflake Data Extortion Scheme, Palo Alto Networks Confirms Exploitation of Critical Zero-Day Firewall Vulnerability, North Korean Hackers Experiment with New macOS Malware, Researchers Discover
Posted on Nov 17 / 2024
Best Practices for Role-Based Access Control (RBAC)
In today’s digital world, managing access is essential for security, efficiency, and compliance. Role-Based Access Control (RBAC) simplifies this by assigning roles and granting access based on those roles, rather than individual permissions. This ensures consistent, well-managed access across the organization, making RBAC one of the most effective security methods. In this article, we'll explore RBAC, its implementation challenges, and practical tips for maintaining an effective system as organizations scale.
Posted on Nov 13 / 2024
Echelon Selected as Finalist in Cybersecurity Category for Pittsburgh Technology Council's Prestigious Tech 50 Awards
Echelon is proud to announce its selection as a finalist in the Cybersecurity category at the Pittsburgh Technology Council's esteemed Tech 50 Awards. This honor recognizes Echelon’s key role in reducing cyber risks and enhancing digital security for organizations across Southwestern Pennsylvania's tech community.
Posted on Nov 11 / 2024
Cyber Intelligence Weekly (November 10, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Apple’s New iOS Feature Locks Out Law Enforcement with Inactivity Reboot, TSA Proposes Cybersecurity Reporting Mandate for Critical Infrastructure, Secure-by-Design: How AWS, Microsoft, and Others Are Embracing CISA's Cyber Goals
Posted on Nov 10 / 2024
Echelon Welcomes Josh Fleming as Senior Manager of Risk Advisory and GRC Services, Leading Innovation in Cybersecurity and Risk Management
Posted on Nov 05 / 2024
Cyber Intelligence Weekly (November 3, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Sophos' Five-Year Battle Against Chinese Hackers Exploiting Firewall Vulnerabilities, Russian Hacker Group Midnight Blizzard Launches Targeted Spear-Phishing Campaign with Malicious RDP Files, Police Dismantle Redline and Meta Infostealers in Operation Magnus
Posted on Nov 03 / 2024
Cybersecurity Myths vs. Facts: What You Need to Know
Join us this Cybersecurity Awareness Month to debunk myths and strengthen your defenses! Learn key truths about phishing, password security, and the importance of updates to protect your organization from digital threats.
Posted on Oct 31 / 2024
Inc. Names Echelon Risk + Cyber as a 2024 Power Partner Award Winner
Inc., the leading media brand and playbook for the entrepreneurs and business leaders shaping our future, announced its third annual Power Partner Awards. The prestigious list honors B2B organizations across the country that have proven track records supporting entrepreneurs and helping startups grow. This year’s list recognizes Echelon Risk + Cyber (Echelon) among 359 companies in marketing and advertising, health and wellness, financial services, legal, logistics, public relations, and productivity, as well as other critical areas of business.
Posted on Oct 29 / 2024
Cyber Intelligence Weekly (October 27, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Chinese Hackers Allegedly Target Campaign Phones of Trump, Vance, and Harris, Black Basta Ransomware Group Uses Microsoft Teams to Masquerade as IT Support, Kremlin-Linked Hackers Target Ukrainian Agencies in Espionage Campaign
Posted on Oct 27 / 2024
Cyber Intelligence Weekly (October 20, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Sudanese Hackers Charged for Cyberattacks Targeting Hospitals and National Security Systems, Alabama Man Arrested for SEC Hack That Manipulated Bitcoin Prices, Microsoft Investigates Logging Issues Impacting Multiple Services
Posted on Oct 20 / 2024
Comprehensive Guide: Mastering Third-Party Risk Management
In today's interconnected world, Third-Party Risk Management (TPRM) is essential for safeguarding your organization against cyber threats introduced by external partners. This guide explores the critical aspects of TPRM, providing a framework for identifying, assessing, and mitigating risks associated with third-party relationships.
Posted on Oct 16 / 2024
Cyber Intelligence Weekly (October 13, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: U.S. Officials Scramble to Assess Impact of China’s Salt Typhoon Hacks on Wiretap Systems, Internet Archive Breached, 31 Million Users' Data Exposed, Marriott Agrees to $52 Million Settlement Following Data Breaches
Posted on Oct 13 / 2024
Protecting What Matters: Hernán’s Story of Purpose, Security and Service.
Hernán Lazarde, Senior Consultant for our Defensive Security services has proven to be a true advocate for proactive security and community support. With a sharp eye for identifying security gaps, he believes that preparation and swift action are essential for staying ahead of threats. His passion for service began in high school in Venezuela, where he learned that helping others fosters personal growth. Explore his journey and discover how his commitment extends beyond technology.
Posted on Oct 10 / 2024
Top 4 Things to Know About ISO/IEC 42001:2023 for Organizations New to the Standard
Discover the top 4 things to know about ISO/IEC 42001:2023 for organizations new to AI standards. Learn how this framework supports ethical AI development, risk management, and continuous improvement to ensure responsible AI governance.
Posted on Oct 09 / 2024
Cyber Intelligence Weekly (October 6, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Chinese Hackers Breach US Wiretap Systems, Access Telecom Networks, Evil Corp Members Sanctioned, Links to LockBit Revealed, Meta Smart Glasses Can Be Used to Dox Strangers in Seconds, Researchers Find
Posted on Oct 06 / 2024
Expert Insights for Cybersecurity Awareness Month: Strategies to Enhance Protection
Discover expert strategies from Echelon to enhance your organization's cybersecurity during Cybersecurity Awareness Month. Learn about training enhancements, cyber exercise benefits, internal testing, and building a culture of awareness to strengthen cyber defenses.
Posted on Oct 01 / 2024
From Vulnerability Assessments to Red Teaming: Choosing the Right Cybersecurity Assessment
Choosing the right offensive cybersecurity service can be challenging, especially with options like red teaming, penetration testing, and vulnerability assessments that often appear overlapping. Each service, however, serves a distinct purpose and addresses different aspects of your security needs. To help you make an informed decision, let’s explore the differences between these services and how they align with your organization’s specific cybersecurity goals.
Posted on Sep 30 / 2024
Cyber Intelligence Weekly (September 29, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Kaspersky's Sudden Software Swap for US Users Sparks Concerns, Critical Linux CUPS Vulnerability Sparks Debate, but Risks Remain Manageable, Website Flaw Exposes Millions of Kia Vehicles to Hacking and Tracking Risks
Posted on Sep 29 / 2024
Navigating the Cybersecurity Landscape: Travis Weathers Joins Echelon as Senior Director of Offensive Security
In today's rapidly evolving cybersecurity landscape, Echelon Risk + Cyber believes that privacy and security are basic human rights, driving growth and innovation to protect and uphold this fundamental purpose. This commitment is exemplified by their recent addition of industry veteran Travis Weathers as the Senior Director of Offensive Security. With a robust background in security and military service, Weathers brings a wealth of experience and a fresh perspective to Echelon's mission of providing comprehensive security solutions.
Posted on Sep 26 / 2024
Network Vulnerability Basics: Securing Every Layer of the OSI Model
The OSI Model, or Open Systems Interconnection Model, is a way to break down how networked devices communicate into seven layers. It was developed in the late ‘70s and published by the International Organization for Standardization (ISO) in 1984. This article details the vulnerabilities and recommended remediations of each layer of the OSI model. It will be helpful for anyone just starting their cybersecurity career, as well as a refresher for our long timers.
Posted on Sep 25 / 2024
How to Strengthen Your Cybersecurity Posture: Key Takeaways from CISA's 2023 Vulnerability Report
Discover essential strategies for strengthening your cybersecurity defenses based on the key insights from CISA's 2023 Vulnerability Report. Learn how to combat phishing, prevent lateral movement, secure credentials, and enhance incident response to protect your business from evolving cyber threats.
Posted on Sep 24 / 2024
Cybersecurity Offensive Service Comparison: Assessment, Testing, and Red Teaming
Organizations often face confusion when selecting offensive cybersecurity services. Vulnerability Assessment, Penetration Testing, and Red Teaming are essential but serve different purposes. At Echelon Risk + Cyber, we frequently encounter this confusion, so we’re here to break down each service and clarify which might be the best fit for your organization.
Posted on Sep 23 / 2024
Cyber Intelligence Weekly (September 22, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: UK Privacy Watchdog Stops LinkedIn’s AI Training Program Using User Data, Singapore’s BingX Loses $44 Million in Major Crypto Hack, Massive Chinese IoT Botnet Goes Undetected for Four Years Before FBI Takedown
Posted on Sep 22 / 2024
Navigating Cybersecurity and the World: A Journey of Growth and Mentorship
Shir Butbul, Senior Consultant for vCISO services, has made an extraordinary impact at Echelon since joining the team. Starting her career in GRC (Governance, Risk, and Compliance), Shir has continually expanded her leadership and soft skills, culminating in co-founding the Women in Cyber employee resource group. This initiative reflects her dedication to mentoring and uplifting the next generation of women in cybersecurity. Shir’s passion for continuous learning extends beyond Echelon RiIsk + Cyber, as she frequently shares her expertise at industry conferences, encouraging curiosity and proactivity in others. Join us as we dive into her inspiring journey.
Posted on Sep 18 / 2024
Cyber Intelligence Weekly (September 15, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Windows Vulnerabilities Leave Systems at Risk Despite Security Updates, Cyberattack on Transport for London Exposes Customer and Employee Data, SonicWall Pushes Urgent Patch for Critical SonicOS Vulnerability
Posted on Sep 15 / 2024
Comprehensive Guide: Maximizing Cybersecurity with vCISO-Led Security Teams
Written by Echelon’s Cybersecurity Associate, John Hurd, our guide, "Maximizing Cybersecurity with vCISO-Led Security Teams" dives deep into the potential pitfalls and offers strategic insights to help you safeguard your organization.
Posted on Sep 11 / 2024
Cyber Intelligence Weekly (September 8, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Navy Officer Demoted for Installing Unauthorized Satellite Dish on Warship, Russian GRU Officers Charged for Cyberattacks on Ukraine and NATO Countries, Food Supply at Risk: Why Cybersecurity in Agriculture Needs Urgent Attention
Posted on Sep 08 / 2024
Cyber Intelligence Weekly (September 1, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Chinese Hackers Exploit Zero-Day Vulnerability to Infect ISPs and Steal Customer Credentials, ALBeast Vulnerability in AWS ALB Exposes Thousands of Applications, FBI Warns of Iranian Collaboration with Ransomware Gangs Targeting U.S. and Allies
Posted on Sep 01 / 2024
Summer Wrap-Up: Intern Experiences at Echelon Risk + Cyber
Let's reflects on the transformative internship experience at Echelon Risk + Cyber, highlighting the journeys of interns Drew Foley, Cole LaCamera, Pamela Sanchez, and Niko Raketich. Each intern shares their insights gained through hands-on exposure to various aspects of cybersecurity, from vCISO services to compliance assessments and marketing. The program not only nurtures talent but also infuses the company with fresh perspectives, illustrating the profound impact of a supportive learning environment. A heartfelt thank you is extended to all interns for their valuable contributions this summer.
Posted on Aug 29 / 2024
Echelon Risk + Cyber is excited to welcome David Faraone as a new partner.
David brings extensive experience in cybersecurity and risk management, enhancing Echelon's ability to deliver innovative solutions and expert guidance. His addition to the team is expected to strengthen Echelon's position in the industry and further drive its mission to protect clients from evolving cyber threats.
Posted on Aug 26 / 2024
From All-American Rower to Sales Dynamo: Launa Rich's Inspiring Journey
In the ever-evolving world of cybersecurity and sales, Launa Rich, Echelon Risk + Cyber’s Client Solutions Manager, emerges as a beacon of perseverance and innovation. Her story is not just about expertise but about an extraordinary journey from the rowing waters of academia to the bustling corridors of high-stakes sales. With a narrative steeped in resilience, adaptability, and a deep commitment to community, Launa's transition paints a vivid picture of personal growth and professional triumphs. Join us as we delve into her inspiring path to Echelon, offering insights and reflections that highlight the essence of overcoming challenges and achieving success.
Posted on Aug 26 / 2024
Cyber Intelligence Weekly (August 25, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: US Law Enforcement Turns to Hacked Sky Messages in Major Drug Busts, Configuration Error at FlightAware Exposes Sensitive Customer Data, Halliburton Takes Systems Offline After Major Cyberattack
Posted on Aug 25 / 2024
Inside BSides Mexico City 2024
The origin of BSides goes back to 2009, when a group of cybersecurity professionals recognized the need for community in the field, of a place to share knowledge and ideas. It began as an alternative to popular cybersecurity conferences, putting emphasis on openness, accessibility, and collaboration. The concept was well received, leading to the establishment of BSides chapters worldwide.In this occasion, the Echelon Risk + Cyber’s Mexico team had the opportunity to attend BSides 2024 in Mexico City. This year’s event continued the tradition of providing an open space for discussing the latest trends and challenges in the cybersecurity field. We will explore the highlights and key takeaways from this event, offering a detailed overview and the most significant moments.
Posted on Aug 21 / 2024
Cyber Intelligence Weekly (August 18, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Iranian Hacker Group Targets Both U.S. Presidential Campaigns, Google Reports, Microsoft's Summer 6-Pack, Patch Tuesday Addresses Six Zero-Day Vulnerabilities, Unpatched Flaw in Google Pixel Phones Raises Security Concerns
Posted on Aug 18 / 2024
The Business Case for Investing in Cybersecurity Compliance
The idea that cybersecurity compliance is a financial obstacle is a dangerous misconception. Having robust cybersecurity compliance is more than just checking the box on compliance. It is a strategic investment that can create significant returns for any organization, but for the investment to be successful, they must commit time and resources to it. Organizations that view compliance as an opportunity rather than just a box they must check, will have a competitive advantage against competitors. Customers are more likely to trust and engage with businesses that prioritize their data and privacy. Trust can then lead to increased customer acquisition and retention for any organization.
Posted on Aug 14 / 2024
Cyber Intelligence Weekly (August 11, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW: Trump Campaign Confirms Hack, Suspects Iranian Involvement, NHS Software Supplier Faces £6 Million Fine for Ransomware Attack Failings, Researchers Discover Decades-Old Vulnerability in Major Web Browsers
Posted on Aug 11 / 2024
Cyber Intelligence Weekly (July 28, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW:1️⃣ How a North Korean Agent Nearly Infiltrated KnowB4
2️⃣ Google Fixes Email Verification Flaw Exploited by Cybercriminals
3️⃣ Revisiting Kernel Access: Microsoft’s Plan for Enhanced Windows Security
Posted on Jul 28 / 2024
Comprehensive Guide: The Security Risks of Generative AI
Written by Echelon’s Cybersecurity Associate, John Hurd, our guide, "The Security Risks of Generative AI," dives deep into the potential pitfalls and offers strategic insights to help you safeguard your organization.
Posted on Jul 24 / 2024
Enclave Excellence: Elevating Your CMMC 2.0 Compliance Game
The new CMMC 2.0 requirements can be overwhelming at first glance. By implementing an enclave, organizations can greatly lessen the efforts and costs associated with CMMC 2.0 compliance.
Posted on Jul 24 / 2024
Cyber Intelligence Weekly (July 14, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW:
1️⃣ AT&T Faces Major Data Breach Exposing Customer Call and Text Records
2️⃣ CISA Exposes Federal Agency's Security Gaps Through Red Team Assessment
3️⃣ DDoSecrets Mirrors Critical WikiLeaks Files Amidst Assange's Legal Troubles
Posted on Jul 14 / 2024
Untangling the Privacy Alphabet: Privacy Risk Assessments
Posted on Jul 10 / 2024
Cyber Intelligence Weekly (July 7, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW:
1️⃣ Hackers Leak Taylor Swift Tickets, Extort Ticketmaster for Millions
2️⃣ OpenAI Internal Details Reportedly Stolen in 2023 Breach
3️⃣ Twilio Confirms Hackers Accessed Phone Numbers of Authy Users
Posted on Jul 07 / 2024
Cyber Intelligence Weekly (June 30, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. In this week's CIW:
1️⃣ Polyfill.io and the Risks of JavaScript Supply Chain Attacks
2️⃣ Google's New Facial Recognition Pilot for Campus Security
3️⃣ Inside the TeamViewer Security Breach: Cozy Bear Strikes Again
Have a wonderful week, everyone!
Posted on Jun 30 / 2024
The Remote Worker’s Guide to Building a Professional Cybersecurity Network
Posted on Jun 26 / 2024
Cyber Intelligence Weekly (June 23, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW:1️⃣ Cyberattack on CDK Global Disrupts Auto Dealerships Nationwide
2️⃣ SEC Charges R.R. Donnelley Over Cybersecurity Failures
3️⃣ U.S. Government Bans Kaspersky Software Over Security Concerns
Have a wonderful week, everyone!
Posted on Jun 23 / 2024
WiCyS 2024 Conference Recap: Athena Smiles for Cybersecurity
WiCyS 2024 showcased the vital contributions of women in cybersecurity, featuring inspiring sessions and emphasizing the importance of community and mentorship. The conference encouraged more women to join and strengthen the cybersecurity domain.
Posted on Jun 19 / 2024
Cyber Intelligence Weekly (June 16, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW:1️⃣ The Rising Brutality of Ransomware Attacks in 2024
2️⃣ Leader of Scattered Spider Hacking Group Arrested in Spain
3️⃣ ICC Investigates Cyberattacks in Ukraine as War Crimes
Posted on Jun 16 / 2024
Packet Paranoia – Manipulating ICMP Packets to Covertly Exfil and Infil Data
Posted on Jun 11 / 2024
Cyber Intelligence Weekly (June 9, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW:1️⃣ Recall Feature Rollback: Microsoft Responds to Security Criticism
2️⃣ Ransomware Attack Cripples Major London
3️⃣ Apple Introduces New 'Passwords' App for Enhanced Security
Posted on Jun 09 / 2024
Cyber Intelligence Weekly (June 2, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW:1️⃣ Ticketmaster and Santander Data Breaches: A Closer Look
2️⃣ The Challenges of AI Search, Google's Latest Adjustments
3️⃣ How a Cyberattack Disabled 600,000 Routers in 72 Hour
Posted on Jun 02 / 2024
Cyber Intelligence Weekly (May 19, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW: 49 Million Dell Customer Records Compromised, Justice Department Cracks Down on North Korean IT Worker Fraud, CISA Insider Reveals Critical Vulnerabilities in U.S. Telecom Networks
Posted on May 19 / 2024
Cyber Intelligence Weekly (May 12, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW: LockBit Lockdown, U.S. Indicts Key Ransomware Developer, Critical Condition: Cyberattack Disrupts Ascension Health's Nationwide Operations, FBI Urges Increased Surveillance Under Section 702 Amidst Controversy
Posted on May 12 / 2024
Cyber Intelligence Weekly (May 5, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Biden's Bold Blueprint to Shield Critical Infrastructure from Cyber Threats, FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data, Massive Data Breach at Outabox Sparks Debate Over Biometric Privacy
Posted on May 05 / 2024
Cyber Intelligence Weekly (April 28, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Massive Data Breach at UnitedHealth Affects “Substantial Proportion of People in America”, GitHub Exploit: Malware Masquerades as Microsoft Repo Files, ArcaneDoor Exploit, How Cisco Firewalls Became Gateways for Spies
Posted on Apr 28 / 2024
Cyber Intelligence Weekly (April 21, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Urgent Update: 22,500 Palo Alto Firewalls at Risk of Critical Exploit, Critical Infrastructure at Risk: The Escalation of Cyber Attacks by Russian Hackers, New York Legislative Commission Faces Cyber Sabotage Amid Budget Season
Posted on Apr 21 / 2024
The Latest in FedRAMP Compliance: Breaking Down Red Teaming for Enhanced Security
FedRAMP announced a new red team requirement impacting cloud service providers. This article breaks down the details of the requirement and the difference between red teaming and pen testing.
Posted on Apr 18 / 2024
On-Demand: Chew On This: Cybersecurity Investment Strategies for Diverse Portfolios
Listen to our fourth installment of our webinar series, "Chew On This," where we delve into the complexities of cybersecurity investment strategies tailored for diverse business portfolios. In this co-branded episode with Expel, we explored pivotal insights into effectively securing companies that boast a portfolio of ventures.
Posted on Apr 16 / 2024
Cyber Intelligence Weekly (April 14, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Credential Stuffing Strikes Roku: Over Half a Million Accounts Compromised, Congress Unveils APRA in Landmark Privacy Legislation Attempt, Customer Turmoil Following Sisense's Vague Breach Announcement
Posted on Apr 14 / 2024
On-Demand: Code Blue: Validating Digital Identity in a Perimeter-less World
In this session, we unravel complex IAM concepts, positioning authentication and authorization as the cornerstone for achieving zero trust architectures. Explore the challenges that legacy identity constructs face in today's dynamic threat landscapes and discover pragmatic approaches for continuous verification.
Posted on Apr 09 / 2024
SEC’s Cybersecurity: Insights into the SEC's Recent Cybersecurity Disclosure Mandates
Discover insights into the recent SEC cybersecurity disclosure mandates, exploring the evolving intersection of finance and technology. Learn about critical updates, implications for the cybersecurity landscape, and the importance of compliance for companies and investors.
Posted on Apr 08 / 2024
Cyber Intelligence Weekly (April 7, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: New Cyber Safety Review Board Critical of Microsoft’s Security Efforts, Close Call, How the Linux XZ Backdoor Nearly Compromised Millions, Attempting to Unmask Jia Tan, The Architect Behind the XZ Utils Backdoor
Posted on Apr 07 / 2024
Cyber Intelligence Weekly (March 24, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Apple's M-Series Chips Exposed: The Unpatchable GoFetch Vulnerability, Securing the Flow: The U.S. Urges Ramp Up of Cyber Defenses for Water Systems, Hotel Havoc, Hackers Can Open Millions of Rooms in Second
Posted on Mar 24 / 2024
Cyber Intelligence Weekly (March 17, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Hearing Your Typing, A Novel Approach to Cyber Espionage, Reddit's AI Revenue Plan Under FTC Scrutiny, Busy Patch Tuesday, Microsoft Patches 60 Windows Vulnerabilities, Apple 2 Zero Days
Posted on Mar 17 / 2024
Cyber Intelligence Weekly (March 10, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Healthcare in Crisis: Navigating the Aftermath of Change Healthcare Cyberattack, Midnight Blizzard Continues Cyber Siege on Microsoft, CISA Cybersecurity Breach, A Wake-Up Call for National Security
Posted on Mar 10 / 2024
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2024 Global Threat Landscape
Dive into CrowdStrike's 2024 Global Threat Report with insights from Daniela Villalobos and Mitchel Sykes. Understand the most important cyber threat trends and learn strategies to stay ahead by focusing on identity protection and cloud security while fostering a cybersecurity culture.
Posted on Mar 05 / 2024
Cyber Intelligence Weekly (March 3, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: NIST Unveils CSF 2.0: A New Chapter in Cybersecurity Framework Evolution, Urgent Warning: Cyber Threats Targeting Ivanti Gateways Exposed, Millions of Malicious Forks, GitHub's Battle Against Hidden Malware
Posted on Mar 03 / 2024
Cyber Intelligence Weekly (February 25, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: U.S. and U.K. Join Forces to Neutralize LockBit Ransomware Operations, The I-Soon Leak and the Glimpse into China's Surveillance State, Cybersecurity Company, Avast, Faces $16.5 Million Fine for Selling User Browsing Data
Posted on Feb 25 / 2024
Cyber Intelligence Weekly (February 18, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW: Breach of Trust, U.S. Internet Corp.'s Unprecedented Email Privacy Fail, Southern Water Cyberattack, Up to 470,000 Customers' Data Compromised, Russia-Aligned Hackers Target Embassies in Sophisticated Cyber Campaign
Posted on Feb 18 / 2024
Cyber Intelligence Weekly (February 11, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: In this week's CIW: Beyond NSO Group, The Rise of European Spyware Giants, The Rise and Pause of OnlyFake, a Glimpse into the World of Synthetic ID Fraud, Ransomware's Record Year, The $1.1 Billion Threat
Posted on Feb 11 / 2024
Navigating the Top Cybersecurity Risks in 2024
In the rapidly evolving landscape of cybersecurity threats, organizations face an array of risks that demand proactive measures to safeguard sensitive data. This article emphasizes the importance of creating a robust risk register and outlines a four-step process to identify, assess, and manage potential risks effectively.
Posted on Feb 09 / 2024
Cyber Intelligence Weekly (February 4, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: China's Cyber Threat Looms Large Over U.S. Infrastructure, FBI Warns, AnyDesk Confirms Security Breach: Source Code and Keys Stolen, Ivanti Unveils New Zero-Day Amid Ongoing VPN Vulnerability Crisis
Posted on Feb 04 / 2024
Cyber Intelligence Weekly (January 28, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: More Details Revealed on the Midnight Blizzard Attack on Microsoft, Before Microsoft, Tracing Midnight Blizzard’s Attack on HPE, Australia Imposes First-Ever Cyber Sanctions on Russian Hacker Behind Medibank Breach
Posted on Jan 28 / 2024
Cyber Intelligence Weekly (January 21, 2024): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Leaders Breached by Russian Threat Actors Using Password Spray, Navigating the Ivanti VPN Zero-Day Crisis: What You Need to Know, 71 Million Unique Credentials from Naz.API Dataset Now on HIBP
Posted on Jan 21 / 2024
Cyber Intelligence Weekly (January 14, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: AI in Cybersecurity: A Double-Edged Sword, Bitcoin ETF Fake News, The SEC X (Twitter) Account Compromise, Vulnerabilities Exposed in AI Hiring Chatbot by Hackers, Exposing Personal Data
Posted on Jan 14 / 2024
Cyber Intelligence Weekly (January 7, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: The Blame Game: 23andMe's Controversial Response to a Massive Data Breach, HealthEC Data Breach Has Impact on Millions of Patients, To Pay or Not to Pay: Estes' Stand Against Ransomware Demands
Posted on Jan 07 / 2024
2023's Top Picks: The 10 Must-Read Cybersecurity Articles Authored by Our Team
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2023.
Posted on Jan 02 / 2024
Cyber Intelligence Weekly (December 17, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Strangers in Your Network: The Ubiquiti Device Access Debacle, Congress Discovers Pharmacies Hand Over Patient Records Without Warrants, Ukrainian Telecom Targeted in Cyberattack by Russian-Affiliated Hacker Group
Posted on Dec 17 / 2023
Is My Cyber Incident ‘Material’? 10 Questions to Ask to Determine SEC Cybersecurity Materiality
Understand the materiality of cyber incidents according to the Securities and Exchange Commission (SEC) rules. Explore 10 questions to assess the materiality of cybersecurity incidents.
Posted on Dec 16 / 2023
CISOs, Are You Doing Enough to Evaluate and Address Your Vendor Risk?
Is your organization's Vendor Risk Management strategy robust enough? This article explores the critical role of CISOs in assessing new vendors and monitoring existing ones to safeguard against data breaches and potential disruptions. Stay ahead in the evolving landscape of third-party threats and enhance your cybersecurity posture.
Posted on Dec 15 / 2023
The CISO’s Guide to Ramping Up Cybersecurity During the Holidays: 7 Essential Steps for Incident Preparedness
Discover 7 essential steps for CISOs to bolster cybersecurity during the holiday season. Learn how to recognize and prepare for heightened cyber threats, including data-backed insights and attack-specific playbooks.
Posted on Dec 14 / 2023
Cyber Intelligence Weekly (December 10, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: ChatGPT's Inadvertent Data Exposure via a "Divergence Attack", Crypto Under the Microscope: The Binance Settlement and its Impact, UK Accuses FSB of Sustained Hacking Campaigns
Posted on Dec 10 / 2023
Cyber Intelligence Weekly (December 3, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: U.S. Water Utilities Targeted in Series of Hack Attacks, Global Sting Takes Down Ransomware Syndicate in Ukraine, Healthcare Under Siege, New Jersey and Pennsylvania Hospitals Hit by Ransomware
Posted on Dec 03 / 2023
A Six-Step Starter Guide for HIPAA Compliance
Embark on a journey to HIPAA compliance with Daniela Villalobos' comprehensive guide. Explore the six essential steps, understand HIPAA's importance, and discover how Drata's automation tool streamlines the process.
Posted on Nov 27 / 2023
Cyber Intelligence Weekly (November 26, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Exposes North Korean Supply Chain Attack on Global Software, FNF Cyber Incident Disrupting Real Estate Transactions Nationwide, Citrix Bleed, Lessons from Boeing's Ransomware Situation
Posted on Nov 26 / 2023
Cyber Intelligence Weekly (November 19, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Hackers Weaponize SEC Disclosure Rules Against Victim, Law Enforcement’s Struggle Against the 'Scattered Spider' Cyber Gang, Ransomware Syndicate Alleges Theft of 430 GB of Data in Stanford University Hack
Posted on Nov 19 / 2023
NYDFS Second Amendment to 23NYCRR500: Changes and Updates to the Regulation
Explore the significant changes and updates introduced by the NYDFS Second Amendment to 23NYCRR500, impacting cybersecurity regulations for financial institutions. Erin Conway provides insights on critical amendments, timelines, and actions for compliance.
Posted on Nov 13 / 2023
Cyber Intelligence Weekly (November 12, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SolarWinds Responds to SEC Charges With “Setting the Record Straight” Blog, LockBit Group Successfully Hacks Largest Bank in the World, ICBC, When Cyber Warfare Meets Missile Strikes: Sandworm's Attack on Ukraine
Posted on Nov 12 / 2023
Cyber Intelligence Weekly (November 5, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC Charges SolarWinds and CISO with Fraud, Internal Control Failures, NYDFS Releases Major Update to Part 500 Cybersecurity Requirements, Global Stand, Nearly 50 Countries Pledge Against Ransom Payments
Posted on Nov 05 / 2023
Cyber Intelligence Weekly (October 29, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week:
Posted on Oct 29 / 2023
Cyber Intelligence Weekly (October 22, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Protecting Your Genetic Privacy: Responding to the 23andMe Data Breach, Cisco's Critical Security Alert: 10,000+ Devices Compromised in Zero-Day Attack, Hired by Deception: How North Korean IT Workers Infiltrated U.S. Companies
Posted on Oct 22 / 2023
Cyber Intelligence Weekly (October 15, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Cyber Chaos: How Hacktivists Intensify the Israel-Hamas Conflict, Vietnamese Government's Bold Attempt to Hack U.S. Officials, Robinhood Users Beware: Hackers Exploit Accounts in Cash-Out Scams
Posted on Oct 15 / 2023
Cyber Intelligence Weekly (October 8, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Clorox Suffers Suspected Scattered Spider Cyberattack, MGM Faces $100 Million Blow from Data Breach, Sony Employees' Data Compromised in Another MOVEit Transfer Breach
Posted on Oct 08 / 2023
Cyber Intelligence Weekly (October 1, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Chinese Hackers Hiding in Routers in the US And Japan, Chinese Hackers Compromise US State Department Emails in Microsoft Breach, Russian Firm Offers $20M Bounty for Mobile Zero-Day Exploits
Posted on Oct 01 / 2023
Cyber Intelligence Weekly (September 24, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Caesars Entertainment Confirms Major Data Breach in SEC Filing, Rise in Thefts of Kia and Hyundai Vehicles in U.S. Cities, Patch Coming to Help, Microsoft AI Researchers Accidentally Expose 38TB of Data
Posted on Sep 24 / 2023
The Language Revolution: Enhancing Cybersecurity with Large Language Models
In this article, Renata Uribe Sánchez explores the transformative impact of large language models (LLMs) in the field of cybersecurity. LLMs, particularly Transformers, are powerful tools within deep neural networks that can interpret and generate natural language, making them invaluable in various applications. The article discusses the benefits of integrating LLMs into cybersecurity, including advanced threat detection, phishing prevention, malware detection, and investigative data analysis. It also highlights the challenges associated with biases, AI-driven hacking, and data privacy.
Posted on Sep 18 / 2023
Cyber Intelligence Weekly (September 17, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Vishing Victories, MGM Resorts' Cybersecurity Breach Unraveled, Cybercriminal "USDoD" Targets FBI, Airbus, and Possibly More, Update Your Browser Now: Critical WebP Vulnerability Threatens Various Apps
Posted on Sep 17 / 2023
Hackin’ SaaS – Echelon’s Top 10 Web App Vulnerabilities
Echelon's Offensive Security (OffSec) team of ethical hackers conducts daily penetration tests on web applications, uncovering common vulnerabilities that threaten online security. In this article, we explore the top 10 web app vulnerabilities frequently encountered during penetration tests. From SQL injection to CORS misconfigurations, we'll delve into each vulnerability and discuss how to both exploit and safeguard against them.
Posted on Sep 13 / 2023
Cyber Intelligence Weekly (September 10, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Forever 21 Faces Significant Data Breach Impacting Half a Million Current and Former Employees, Okta Warns of Social Engineering Attacks on IT Service Desks, Microsoft Hackers Stole Powerful Signing Key from Windows Crash Dump
Posted on Sep 10 / 2023
How to Attract and Retain Women in Cybersecurity
Discover effective strategies and insights to bridge the gender gap in the cybersecurity field with our senior cybersecurity consultant, Shir Butbul. Explore her findings, recruitment practices, mentorship programs, and more as we delve into the crucial mission of attracting and retaining women in cybersecurity. Learn from Shir's expertise and contribute to building a diverse and resilient cybersecurity workforce for a safer digital future.
Posted on Sep 07 / 2023
Cyber Intelligence Weekly (September 3, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: MTA's "Feature" Raises Serious Privacy Concerns, Duolingo User Data Leak Raises Concerns on Data Scraping, U.S. Takes Down QakBot Botnet in Major Operation
Posted on Sep 03 / 2023
Cyber Intelligence Weekly (August 27, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Lapsus$ Hacking Group: Teenagers Behind Major Tech Firm Attacks Found Responsible in Court, Hackers Exploit Credit Bureau Data to Dox Americans for a Fee, Danish Cloud Hosting Firm CloudNordic Faces Severe Ransomware Attack, All Customer Data Lost
Posted on Aug 27 / 2023
Cyber Intelligence Weekly (August 20, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Brunswick in Rough Waters: Unraveling the $85 Million Cyberattack Impact, Chinese Hackers Compromise State Department & GOP Congressman Emails, Urgent Warning Issued Over Citrix ShareFile Vulnerability
Posted on Aug 20 / 2023
Cyber Intelligence Weekly (August 13, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: NPO Mash Breach, North Korea's Growing Cyber Threat Targets Missile Maker, Electoral Commission Hack: Data of 40 Million UK Voters Compromised, Deep Learning Model Can Decode Keyboard Keystrokes Through Sound Have a wonderful week
Posted on Aug 13 / 2023
Cyber Intelligence Weekly (August 6, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: CMU Researchers Uncover Inherent Weakness in AI Chatbots, Midnight Blizzard: Unveiling the Latest Social Engineering Attack on Microsoft Teams, Microsoft Patches Critical Power Platform Vulnerability Amid Criticism
Posted on Aug 06 / 2023
eLearnSecurity Web Application Penetration Tester (eWPT): Overview and How to Prepare for the Exam
Prepare for the eLearnSecurity Web Application Penetration Tester (eWPT) exam with this comprehensive guide. Learn about the exam format, prerequisites, and tips to pass the practical and written assessments. Acquire valuable web application penetration testing skills and enhance your professional profile.
Posted on Aug 01 / 2023
Cyber Intelligence Weekly (July 30, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, U.S. Hunts Chinese Malware Threatening Military Operations, Call of Duty: Modern Warfare 2 Players Targeted by Self-Spreading Malware
Posted on Jul 30 / 2023
Cyber Intelligence Weekly (July 23, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Underestimating the Threat: The True Reach of the Compromised Microsoft Key, North Korea-Backed Hackers Breach JumpCloud to Target Cryptocurrency Clients, Lack of Cybersecurity Priority? Few Fortune 100 Companies Include CISOs in Top Executives
Posted on Jul 23 / 2023
Cyber Intelligence Weekly (July 16, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: From Plan to Action, Implementing the National Cybersecurity Strategy, Microsoft Security Flaw Exposes Intelligence Operation, The Case for a "Secure by Default" Approach, HCA Healthcare Data Breach, Hacker Puts Stolen Data Up for Sale
Posted on Jul 16 / 2023
Cyber Intelligence Weekly (July 9, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Another week full of big stories and things to keep an eye on. In this week's CIW: New Truebot Malware Variants Target US and Canadian Organizations via Netwrix Auditor RCE Bug, New Critical SQL Injection Vulnerability Discovered in MOVEit Transfer Software, Critical FortiGate Vulnerability Leaves Over 300,000 Devices Exposed
Posted on Jul 09 / 2023
Network Pivoting and the eCPPT Exam
Learn about network pivoting techniques for the eCPPT exam and penetration testing. Understand the concept of pivoting, explore tools like Metasploit, Proxychains, SOCKS Proxy, Chisel, and Ligolo-ng, and discover the differences between reverse shells and bind shells.
Posted on Jul 05 / 2023
Cyber Intelligence Weekly (July 2, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC's Warning Shot: SolarWinds' CISO and Employees May Face Enforcement Action, Apple Joins WhatsApp and Signal in Voicing Concerns over UK's Online Safety Bill, MOVEit Ripples Continue to be Felt in Massive CalPERS Breach
Posted on Jul 02 / 2023
Cyber Intelligence Weekly (June 25, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Operation Triangulation: Apple Fixes Zero-Day Vulnerabilities Exploited, Third-Party Vendor Hack, Data Breach Impacting Pilots in Major Airlines, UPS Canada Data Breach Exposes Customers to Targeted Smishing Attacks
Posted on Jun 25 / 2023
Cyber Intelligence Weekly (June 18, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: MOVEit Transfer Customers Warned of NEW Critical Flaw, Government Agencies Hacked, Unsolicited Smartwatches Pose Cybersecurity Threat to Service Members, SEC Delays Final Rule on Four-Day Breach Notification for Public Companies
Posted on Jun 18 / 2023
Cyber Intelligence Weekly (June 11, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Barracuda Networks Advises Replacing Compromised Email Security Gateway Appliances, Another Medical Data Breach Tied to Forta SFTP Software, Largest Healthcare Data Breach of 2023: Dental Insurer Hacked, 9 Million Patients Affected
Posted on Jun 11 / 2023
Cyber Intelligence Weekly (June 4, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: MOVEit, Get out the Way, Get out the Way!, Barracuda Discloses Seven-Month Exploitation of Zero-Day Vulnerability, FTC Takes Aim at Amazon, Alexa and Ring Settlements Highlight Privacy Concerns
Posted on Jun 04 / 2023
Cyber Intelligence Weekly (May 28, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Meta Hit with GDPR Record $1.3 Billion Fine for Privacy Violations, U.S. Surgeon General Issues New Advisory About Effects Social Media Use Has on Youth Mental Health, Spain's Push to Ban End-to-End Encryption Raises Concerns for Online Privacy
Posted on May 28 / 2023
Adaptability and Perseverance – Breaking Down the 2023 CrowdStrike Global Threat Report
Here are our key takeaways from CrowdStrike's 2023 Global Threat Report. Discover the latest threat trends and explore recommendations for staying ahead of threats.
Posted on May 23 / 2023
Busting Myths about Microsoft 365 Security (Healthcare Edition)
Uncover the truth about Microsoft 365 security in healthcare organizations. Learn why myths about security tools, Microsoft's default settings, third-party filters, and HIPAA certification can leave your organization vulnerable.
Posted on May 23 / 2023
It’s Time for Healthcare to Focus on Vendor Risk Maturity
Cybersecurity breaches are on the rise for healthcare, with many coming through the supply chain. Here's practical advice on how to assess the maturity of a third-party risk management program and reduce the risk associated with vendors and business partners.
Posted on May 22 / 2023
Cyber Intelligence Weekly (May 21, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: KeePass Vulnerability Exposes Master Passwords: A Critical Security Risk, Unveiling the Risk: Police-Auctioned Cell Phones and Re-Victimization, Toyota Japan's Data Breach: Millions of Vehicle Location Data Expose
Posted on May 21 / 2023
Cyber Intelligence Weekly (May 14, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Dragos Overcomes Ransomware Extortion Attempt by Threat Actor, FBI Disrupts Snake Malware Network Controlled by Russia's Federal Security Service, MSI UEFI Signing Key Leak Triggers Supply Chain Security Concerns
Posted on May 14 / 2023
Why Every Healthcare Organization Should Assess their Microsoft 365 Environment
Healthcare organizations should assess their Microsoft 365 environment to protect sensitive data and reduce cyber threats. Read on to learn more.
Posted on May 10 / 2023
Hacker's Perspective: A Modern Approach to Cross-Site Request Forgery
Learn how to locate and exploit Cross-Site Request Forgery (CSRF) vulnerabilities in modern web applications by understanding client-side and server-side code interactions, CSRF tokens, and SameSite cookie policies.
Posted on May 10 / 2023
Cyber Intelligence Weekly (May 7, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Apple's Swift Response: First Rapid Security Fixes for iPhones, iPads, and Macs, Google Takes the Lead in Password-Free Authentication for All Accounts, Largest International Operation Against Darknet Drug Trafficking Recently Executed
Posted on May 07 / 2023
To hire, or not to hire a CISO? That is the question. Or is it though?
Small to mid-sized businesses often wonder whether to hire a Chief Information Security Officer (CISO). This article examines the factors for SMBs to consider when deciding to hire a full-time or fractional CISO.
Posted on May 04 / 2023
Cyber Intelligence Weekly (April 30, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week:Double the Supply Chain Attack, Double the Fun!, Western Digital Faces Extortion Attempt After Hackers Steal 10 Terabytes of Data, March 2023 Sees the Highest Number of Ransomware Attacks in Three Years
Posted on Apr 30 / 2023
Level-Up Your Testing with Adversarial-Based Red Teaming and the TIBER-EU Framework
Traditional penetration testing may not be enough to simulate real-world attack scenarios. Discover the benefits of adversarial-based red teaming with the TIBER-EU Framework to improve your organization's ability to detect, respond to, and mitigate sophisticated attacks.
Posted on Apr 27 / 2023
Cyber Intelligence Weekly (April 23, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Double the Supply Chain Attack, Double the Fun!, Western Digital Faces Extortion Attempt After Hackers Steal 10 Terabytes of Data, March 2023 Sees the Highest Number of Ransomware Attacks in Three Years
Posted on Apr 23 / 2023
Cyber Definition Problems: Red Teaming vs. Penetration Testing
Cybersecurity terms like "red teaming" and "penetration testing" are often used interchangeably, leading to confusion and misinformation. This article explores the differences between these assessments and why the misuse of terms can be detrimental to the industry.
Posted on Apr 17 / 2023
Cyber Intelligence Weekly (April 16, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Air National Guardsman Arrested in Pentagon Classified Document Leak, Samsung Employees Leaked Sensitive Data to ChatGPT, First-of-Its-Kind Cybersecurity Guidance Urges Secure-by-Design Software
Posted on Apr 16 / 2023
The 5 Things I Learned About Consulting in My First 5 Months as a Consultant at Echelon Risk + Cyber
Six years into her professional career, Shir Butbul decided to make a career change and move into consulting after working as a GRC Lead for various companies. Here's what she has learned on her journey.
Posted on Apr 10 / 2023
Cyber Intelligence Weekly (April 9, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: U.S. Justice Department and International Partners Shut Down Genesis Market, Italian Regulators Crack Down on ChatGPT Over Data Privacy Concerns, TMX Finance Customers' Personal Data Stolen in Major Security Breach
Posted on Apr 09 / 2023
Cyber Intelligence Weekly (April 2, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Kremlin Cyber Espionage Tactics Revealed in Released Vulkan Files, Massive Supply Chain Attack Hitting 3CX Desktop App, U.S. Executive Order Restricts Procurement of Commercial Spyware
Posted on Apr 02 / 2023
Vulnerability Management: Minimizing Risks, Maximizing Security
A reactive approach to mitigating infrastructure vulnerabilities - or playing “vulnerability whack-a-mole” - is both unsustainable and ineffective. Here's how a formal vulnerability management program provides proactive, sustainable, and effective measures to defend against cyberattacks.
Posted on Mar 31 / 2023
Cyber Intelligence Weekly (March 26, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Is TikTok the Problem, or are We the Problem?, Chinese-Based Pinduoduo App Banned by Google Over Malware Concerns, Ferrari Reveals Cyberattack After Receiving Ransom Demand
Posted on Mar 26 / 2023
Cyber Intelligence Weekly (March 19, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Google’s Mandiant Warns of Stealthy Chinese-Backed Attacks, Feds Charge NY Man as BreachForums Boss “Pompompurin”, SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets
Posted on Mar 19 / 2023
Pen Testing is Not Enough – Red Teaming Assessments in Healthcare
Learn why pen testing alone isn't enough to secure healthcare organizations from cyber threats, and how red team assessments can help identify and mitigate vulnerabilities. Here's a comprehensive overview of red teaming and its importance in healthcare cybersecurity.
Posted on Mar 14 / 2023
Cyber Intelligence Weekly (March 12, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC Fines Blackbaud $3 Million for Misleading Disclosures About Ransomware Attack, Minneapolis Public Schools Held Hostage by Medusa Ransomware Gang, U.S. Marshals Service Hit with Ransomware Attack and Data Breach
Posted on Mar 12 / 2023
eLearnSecurity Certified Professional Penetration Tester (eCPPT): Overview and How to Prepare for the Exam
Preparing for the eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) exam? Here are three experiences from the Echelon Offensive Security Team and tips on how to prepare.
Posted on Mar 06 / 2023
Cyber Intelligence Weekly (March 5, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Biden-Harris Administration Announces National Cybersecurity Strategy, LastPass Security Breach: A Lesson on the Power of Timely Software Updates, Dish Network Hit by Ransomware Attack, Data Stolen by Cybercriminals
Posted on Mar 05 / 2023
Cyber Intelligence Weekly (February 26, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Atlassian Investigates Breach as Hackers Publish Stolen Data Online, Pepsi Bottling, Where’s My Data?, Sensitive US Military Emails Exposed on Misconfigured Server
Posted on Feb 26 / 2023
Cyber Intelligence Weekly (February 19, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: GoDaddy Suffers Three-Year Cyberattack Siege by Hackers, Cybersecurity Incident at MKS Blamed for Sales Shortfall for Applied Materials, CNN Reports that FBI Systems Were Breached by Hackers
Posted on Feb 19 / 2023
eJPTv2 Certification: Overview and How to Prepare for the Exam
The eJPTv2 certification is a globally recognized entry-level information security certification that validates practical penetration testing skills. Take a look at this article redacted by our Offsec team where they provide an overview of the certification and tips on how to prepare for the exam.
Posted on Feb 16 / 2023
Cyber Intelligence Weekly (February 12, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang, TruthFinder and Instant Checkmate Background Check Services Suffer Massive Breach, Toyota’s Global Supplier Management Network System Pwn’ed by Security Researcher
Posted on Feb 12 / 2023
Practical Strategies to Enhance Your Organization’s Information Security Awareness and Training Program
When it comes to cybersecurity, all organizations share a similar risk – the possibility of human error. When it comes to educating your people about cyber, one size does NOT fit all. Here are six strategies to mature your information security awareness and training program.
Posted on Feb 09 / 2023
Cyber Intelligence Weekly (February 5, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: GoodRx Hit with $1.5 Million Fine for Sharing User’s Health Data, VMware ESXi Servers Targeted in Massive Worldwide Ransomware Attack, Threat Actors Abuse Microsoft’s Verified Publisher Status to Carry Out Attacks
Posted on Feb 05 / 2023
Cyber Intelligence Weekly (January 29, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Riot Games League of Legends Source Code Stolen, Hackers Demand $10 Million, For LastPass Owner, GoTo, Breach Situation Gets Worse, CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software
Posted on Jan 29 / 2023
Cyber Intelligence Weekly (January 22, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: New T-Mobile Breach Affects 37 Million Accounts, Thousands of Norton LifeLock Customer Accounts Breached, Third-Party Administrator, Bay Bridge, Notifies Patients of Data Breach
Posted on Jan 22 / 2023
Cyber Intelligence Weekly (January 15, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Royal Mail Service Interrupted After Ransomware Attack, Police App Leaks Secret Details About Raids and Personal Data About Suspects, FAA Blames Massive Outage on Database Integrity Issue
Posted on Jan 15 / 2023
Cyber Intelligence Weekly (January 8, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Slack’s GitHub Compromised Over the Holidays, Zero-Day to Blame for Rackspace Breach, U.S. Nuclear Scientists Were Targeted by Russian Hackers.
Posted on Jan 09 / 2023
Cyber Intelligence Weekly (January 1, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: The LastPass Hack, What You Need to Know, The Worst Hacks of 2022, The Equifax Breach Settlement Offer is Real, For Now
Posted on Jan 01 / 2023
Cyber Intelligence Weekly (December 18, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Stolen Information on More Than 80K InfraGard Members Is Allegedly Being Sold on the Dark Web, Former Twitter Employee Hit with Jail Sentence for Spying for Saudi Arabia, Rackspace Hosted Exchange Email Capabilities Still Offline After Ransomware Attack
Posted on Dec 18 / 2022
Top 10 Cybersecurity Articles in 2022
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2022.
Posted on Dec 12 / 2022
Cyber Intelligence Weekly (December 11, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: New Ransom Payment Schemes Target Executives, Telemedicine, Majority of U.S. Defense Contractors Not Meeting Basic Cyber Requirements, ChatGPT Unlocking the Potential of AI For Threat Actors?
Posted on Dec 11 / 2022
Cyber Intelligence Weekly (December 4, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: LastPass Announces Another Security Incident, Huge Trove of Phone Numbers (360 Million) for Sale on Dark Web, Krebs Notes That ConnectWise Quietly Patches Flaw That Helps Phishers
Posted on Dec 04 / 2022
Hacker’s Perspective: Securing JSON Web Tokens
If you are a modern-day developer, you’re probably plenty familiar with JSON Web Tokens (JWT’s). They perform their job efficiently when correctly implemented. Unfortunately, they can also be vulnerable to malicious threat actors.
Posted on Nov 28 / 2022
Cyber Intelligence Weekly (November 27, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Department of Defense Releases Zero Trust Strategy and Roadmap, FCC Bans Authorizations for Devices That Pose National Security Threat, Hundreds Arrested in UK Fraud Service Website iSpoof
Posted on Nov 27 / 2022
Cyber Intelligence Weekly (November 20, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: CISA Announces Iranian Government-Sponsored APT Actors Compromise Federal Network, Researchers Quietly Cracked Zeppelin Ransomware Keys, Russian Software Disguised as American Present in 8,000+ Apps
Posted on Nov 20 / 2022
Cyber Intelligence Weekly (November 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Twitter Verification Mess Causing Billion Dollar Losses in the Stock Market, Australian Federal Police to Hackers, “We Know Who You Are”, Feds Seize $3.36 Billion in Cryptocurrency Hidden Under Floorboards (This is a real story!)
Posted on Nov 13 / 2022
ISO/IEC 27001:2022 – Your Guide to the Updates and How to Get (and Stay) Compliant
The highly anticipated ISO 27001:2022 updates modernize the standard to keep up with the evolving cyber landscape. Here's everything you need to know about the changes and how you can get (and stay) compliant.
Posted on Nov 11 / 2022
Bite-Sized Cyber Essentials: Network VPNs
Virtual Private Networks (VPNs) are often presented as the ultimate tool for privacy and anonymity. But this is a strong misconception. Using a VPN does not guarantee protection from location tracking, social and web profiling, and most importantly, using a VPN does not guarantee anonymity.
Posted on Nov 09 / 2022
Cyber Intelligence Weekly (November 6, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: United States Exploring Review of Twitter Deal, Ties to Foreign Investments, Snack Maker Mondelez Settles NotPetya 'Act of War' Insurance Suit with Zurich, NSA Watchdog Concluded One Analyst’s Surveillance Project Went Too Far
Posted on Nov 06 / 2022
Cyber Intelligence Weekly (October 30, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Advocate Aurora Health Confirms Breach of Millions of Patient Records Due to Meta Pixel, Misconfigured Microsoft Data Bucket Leaks Sensitive Data of 65,000+ Entities, LockBit Group Says They Stole 1.4TB of Data From UK’s Kingfisher Insurance
Posted on Oct 30 / 2022
Cyber Intelligence Weekly (October 23, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Australia’s Largest Healthcare Insurer Confirms Data Breach, CISA Begins Request for Comments on Microsoft 365 Security Configuration Baselines, Feds Warn About Ransomware Threats to Healthcare Organizations
Posted on Oct 23 / 2022
Case Study: Utility Cloud Partners with Echelon to Boost Security of their Web Application
Utility Cloud is an operations management software designed to help utilities such as water, wastewater, and natural gas digitally manage their assets and work orders. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Oct 21 / 2022
Cyber Intelligence Weekly (October 16, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Vulnerable Fortigate Products FortiOS / FortiProxy / FortiSwitchManager Allow Authentication Bypass on Administrative Interface, Ferrari Denies Data Breach and Ransomware Attack Following Gang’s Online Claims, GCHQ Head says Chinese Tech Poses Major Risk
Posted on Oct 16 / 2022
Bite-Sized Cyber Essentials: Multi-Factor Authentication
Multi-factor authentication (MFA) is the process of having more than one form of authentication to ensure that if one methods is compromised, an attacker is still unable to access the account.
Posted on Oct 12 / 2022
Bite-Sized Cyber Essentials: Password Practices and Password Managers
Passwords have not gone away yet. Although there may be new forms of logging in, such as biometric logins, passwords still ultimately serve as our master key to sign in. This means we need to take better care of how we create, use, and store our passwords.
Posted on Oct 12 / 2022
Cyber Intelligence Weekly (October 9, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Former Chief Security Officer Of Uber Convicted Of Federal Charges For Covering Up Data Breach, LA School’s Stolen Data More Sensitive than Expected,Russian Speaking Hackers Knock US State Government Websites Offline.
Posted on Oct 10 / 2022
Cyber Intelligence Weekly (October 2, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Exchange Server Experiencing Two New Zero-Day Vulnerabilities, LinkedIn Riddled with Fake Fortune 500 CISO Profiles, Fast Company Content Management System Hacked, Offensive Apple News Alert Sent
Posted on Oct 02 / 2022
Cyber Intelligence Weekly (September 25, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager, American Airlines Data Breach Exposes Employee and Customer Data, Australian Telecom Giant Optus Suffers Hack
Posted on Sep 25 / 2022
Cyber Intelligence Weekly (September 18, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week:
Posted on Sep 18 / 2022
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
Buckle up for the story of how the Echelon team won the coveted DEF CON Black Badge, and dive deep into Ross Flynn's detail breaking down the Black Badge.
Posted on Sep 13 / 2022
Cyber Intelligence Weekly (September 11, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Security Officials Concerns Raised Over Liability for Attacks, GIFShell attack creates reverse shell using Microsoft Teams GIFs, New Google Chrome Zero-Day Has Users Scrambling to Update
Posted on Sep 11 / 2022
Cyber Intelligence Weekly (September 4, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Chinese Database with Facial Recognition and License Plate Data Leaked, Nelnet Servicing Breach Exposes Data of 2.5M Student Loan Accounts, Italian Oil Giant, Eni, Hit by Hackers
Posted on Sep 04 / 2022
Cyber Intelligence Weekly (August 28, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Popular Password Manager LastPass Suffers Security Incident, Mudge has some Serious Twitter Beef, Roasting 0ktapus: The Phishing Campaign Going after Okta Identity Credentials
Posted on Aug 28 / 2022
Are Your Vendors “Tall enough to Ride the Ride”?
We can think about an amusement park’s rider height and restriction requirements as a useful way to describe risk tolerances when onboarding new vendors or increasing scopes of work to existing ones.
Posted on Aug 22 / 2022
Cyber Intelligence Weekly (August 21, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: TikTok’s Built-In Browser Can Log Keystrokes, Researcher Says, Lloyd’s of London to Exclude State-Backed Cyber Attacks from all Coverage, 1,900 Signal User’s Numbers Exposed Due to Twilio Breach
Posted on Aug 21 / 2022
Cyber Intelligence Weekly (August 14, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Sounding the Alarm on the Emergency Alert System (EAS), Starlink Satellite Dish Hacked with $25 in Parts, Cisco Confirms Cyber Attack in May of 2022, Ties to $Lapsus
Posted on Aug 14 / 2022
Cyber Intelligence Weekly (August 7, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: A Peek into Microsoft’s Microsoft Offensive Research & Security Engineering (MORSE) Team; Scammers Sent Uber to Take Elderly Lady to the Bank; Another Rough Week for Web3, Dual Hacks Causing Havoc
Posted on Aug 08 / 2022
Cyber Intelligence Weekly (July 31, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: UEFI Rootkits, Hidden Lurking Malware, Untangling KNOTWEED, Microsoft Highlights Austrian Cyber Actor in Latest Blog, Hacker Teaches How to Shoplift at Recent Conference.
Posted on Aug 01 / 2022
Cyber Intelligence Weekly (July 24, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Data of 5.4 Million Twitter Users is Allegedly up for Sale, Popular NFT Queue Software PREMINT Compromised, $375k in NFT’s Stolen, Russian Hackers Released Fake Pro-Ukrainian App to Track Users and Infrastructure
Posted on Jul 24 / 2022
Cyber Intelligence Weekly (July 17, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Amazon Handed Ring Videos to Police Without Warrants, Honda Key Fob Hack Allows Anyone to Remotely Unlock Honda Cars, North Korean Operatives are Trying to Infiltrate US Crypto Firms
Posted on Jul 17 / 2022
Cyber Intelligence Weekly (July 10, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Florida Man Arrested for Selling $1 Billion in Fake Cisco Hardware on Amazon, eBay, Apple Unveils new “Lockdown Mode” to Protect Users from Targeted Spyware, NFT Marketplace OpenSea Reports Massive Email Data Breach
Posted on Jul 10 / 2022
Cyber Intelligence Weekly (July 3, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Flagstar Bank Breach Affects over 1.5 Million Customers, Attorney General James Secures $400,000 From Wegmans After Data Breach Exposed Consumers’ Personal Information, Microsoft Finds Raspberry Robin Worm in Hundreds of Windows Networks.
Posted on Jul 05 / 2022
Cyber Intelligence Weekly (June 26, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: The TikTok Tapes, Leaked Meeting Recordings Show US User Data Accessed Regularly in China, Microsoft Releases New Report; Defending Ukraine, Early Lessons from the Cyber War, Users Being Targeted by New Zero-Day Spyware, Hermit
Posted on Jun 26 / 2022
RSA 2022 Recap: Our Main Takeaways
This year’s RSA 2022 event was centered around the theme of “Transform,” which is really on-point for the world we live in. Here are Paul Matvey's big takeaways from the event.
Posted on Jun 20 / 2022
Cyber Intelligence Weekly (June 19, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: L3Harris Technologies in Talks to Buy NSO Groups Hacking Tools, Actively Exploited Follina Vulnerability Finally Addressed in Latest Windows CU, Hacked Email Account Potentially Led to Breach at Kaiser Permanente
Posted on Jun 19 / 2022
Cyber Intelligence Weekly (June 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: NSA, CISA, and FBI Expose PRC State-Sponsored Exploitation of Network Providers, Devices, Back From the Dead, Emotet Returns in 2022, Follina Exploiters Growing by the Day, Still No Patch from Microsoft
Posted on Jun 12 / 2022
Cyber Intelligence Weekly (June 5, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft “Follina” Zero-Day Vulnerability Causing Worldwide Concern, Massive Cyberattacks Crippling Costa Rica and Several Universities Put on Watch, Credentials Offered for Sale
Posted on Jun 05 / 2022
Postcard from the 2022 PA Bankers Convention
Upon returning home from Scottsdale, AZ for the PA Bankers Convention of 2022, I had some time to reflect on my three key takeaways from my time spent amongst leaders in the great banking industry of Pennsylvania.
Posted on May 29 / 2022
Cyber Intelligence Weekly (May 29, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft “Raising the Baseline Security for all Organizations in the World”, FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads, Hacker Steals Data on Hundreds of Verizon Employees
Posted on May 29 / 2022
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
File uploads are ubiquitous, making them a prime target for attackers. Here's how ethical hackers test your resilience against these kinds of attacks.
Posted on May 25 / 2022
Cyber Intelligence Weekly (May 22, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act, Flaw in Texas Website Exposed 1.8 Million Resident’s Data for Years, and Microsoft Bing’s Chinese Political Censorship of Autosuggestions in North America.
Posted on May 22 / 2022
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Are you exposing your company's internal data? Algolia APIs are extremely useful for efficient access to stored data, but the keys used to access them are easily misconfigured and can give attackers access to allow an attacker to launch a site-wide attack.
Posted on May 16 / 2022
Cyber Intelligence Weekly (May 15, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Thousands of Websites Collect Your Data in Web Forms Before Form Submission, DEA Law Enforcement Portal Possibly Breached, Businesses Seek to Soften Up SEC Cybersecurity Reporting and Disclosure Rules
Posted on May 15 / 2022
Cyber Intelligence Weekly (May 8, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Data Broker Is Selling Location Data of People Who Visit Abortion Clinics, Nakasone Says Cyber Command Did Nine 'Hunt Forward' Ops Last Year, Heroku Recently Forced Customer Password Resets After GitHub OAuth Token Theft
Posted on May 08 / 2022
Cyber Intelligence Weekly (May 1, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Russia Sanctions Complicate Paying Ransomware Hackers, French Fiber Optic Attack Highlights Physical Vulnerabilities to Critical Infrastructure, FBI Conducted Millions of Searches of Americans’ Data Last Year
Posted on May 01 / 2022
Cyber Intelligence Weekly (April 24, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: T-Mobile Breached Again, This Time by Lapsus$, Criminals Abuse Apple Pay in Spending Sprees, Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities
Posted on Apr 24 / 2022
Right in your Lapsus$ – How Attackers are Playing a Different Game
Many cutting-edge security programs base their defenses on sophisticated, nation-state level threat actors. How, then, have so many of them gotten hacked recently by a new and less-sophisticated group, Lapsus$?
Posted on Apr 19 / 2022
Cyber Intelligence Weekly (April 17, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems, Widely Used Autonomous Hospital Robots at Risk of Remote Hijacking, Mirai Malware Leveraging Spring4Shell Exploits for Botnet Delivery
Posted on Apr 17 / 2022
What the Lapsus$ Attacks Should Teach Us About Third-Party Insider Threat
The Lapsus$ attacks have helped companies realize that third-party vendors can be the 'weakest link' within their own organizations. This article summarizes what companies can learn (and do) to protect data.
Posted on Apr 11 / 2022
Cyber Intelligence Weekly (April 10, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: US Government Disrupts Russian Government Controlled Botnet, German Federal Police Shut Down Russia’s Dark Web Market, Hydra, Block Says Former Worker Accessed U.S. Customer Data Without Approval
Posted on Apr 10 / 2022
Looking Inward, Charting a New Course for Effective TPRM
Most current third-party risk management (TPRM) programs are external-facing. But what if the greatest threat to your organization wasn’t external?
Posted on Apr 06 / 2022
Cyber Intelligence Weekly (April 3, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Software Giant Globant Confirms Breach after LAPSUS$ Shares 70GB of Stolen Data, Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”, Critical GitLab Vulnerability Allows Attackers to Take Over Accounts
Posted on Apr 03 / 2022
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2022 Global Threat Landscape
The year 2021 brought about some serious cyber challenges. This article summarizes key takeaways from CrowdStrike's Global Threat Landscape report, provides a breakdown of the five 2021 themes, and gives our take on seven recommendations that resonate most with us.
Posted on Apr 01 / 2022
Cyber Intelligence Weekly (March 27, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Okta Compromise by LAPSUS$ Causes Massive Concern, LAPSUS$ Hackers Leak 37GB of Microsoft's Alleged Source Code, U.K. Police Arrest 7 Related to LAPSUS$ Hacks on Tech Firms
Posted on Mar 27 / 2022
The Countdown Begins for Financial Institutions Using FedLine Solutions
In January 2021, the Federal Reserve Banks implemented the Security and Resiliency Assurance Program outlining new compliance requirements for banks that use FedLine® by the end of 2022. This article outlines everything you need to know about this new program.
Posted on Mar 23 / 2022
Cyber Intelligence Weekly (March 20, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Germany Warns Against Use of Kaspersky Antivirus Software, Microsoft Defender Tags Office Updates as Ransomware Activity, Ukraine’s President Zelensky Deepfaked in False Surrender Tactic
Posted on Mar 20 / 2022
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
The eWPTX is an expert-level certification covering advanced web application exploitation and analysis. Here’s one cybersecurity consultant’s experience and tips on how to prepare.
Posted on Mar 17 / 2022
Maturing Your IAM Program: Role-Based Access Control (RBAC)
Role Based Access Control (RBAC) has become the holy grail of access management. What does RBAC stand for? Here are a few tips on how to strategically approach your RBAC adoption journey.
Posted on Mar 16 / 2022
Cyber Intelligence Weekly (March 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC Steps up Cybersecurity Requirements in a Big Way, Hackers in Space Disrupt Satellite Systems and Customers, Serious Flaw Found in Microsoft’s Azure Automation Service
Posted on Mar 13 / 2022
Cyber Intelligence Weekly (March 6, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Senate Passes Cyber Incident Reporting Bill, House Next Up, Kinetic and Cyber Warfare, Microsoft Responds, Conti Ransomware Group Data Leaked by Security Researcher
Posted on Mar 06 / 2022
The Countdown is On: New Cyber Incident Reporting Requirements for Banks
Lawmakers have argued about mandatory cyber incident reporting for years, but it has never gained the traction needed to become widespread law. For those in the banking industry, this is all about to change.
Posted on Mar 02 / 2022
Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Partnership Delivers Best-in-Class Solutions and Services to Help Companies Stop Breaches and Achieve a Higher Level of Endpoint Protection
Posted on Feb 28 / 2022
Cyber Intelligence Weekly (Feb 27, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Ukrainian Hacktivists Fight Back Against Russian Aggressors in Cyber Space, F12 Does Not Equal Hacking, Missouri Governor’s Call for Investigation Proves Worthless, and South Korean Researchers Crack Code for Hive Ransomware
Posted on Feb 27 / 2022
Case Study: MetaOptima Enhances Security Practices through a Web Application Assessment
As an organization that stores sensitive medical data, MetaOptima is focused on investing in their security posture. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Feb 22 / 2022
Cyber Intelligence Weekly (Feb 20, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: San Francisco 49ers Hit with Ransomware Attack, As Russia/Ukraine Tensions Mount, So Do Cyber Concerns Globally, No One Cares About Your Wordle Score, Or Your Privacy
Posted on Feb 20 / 2022
How Safe is it to Scan a QR Code?
QR codes are clever (just ask Coinbase), but they can be security nightmares. Here’s what our CEO, Dan Desko, had to say when he was interviewed about this year’s Super Bowl ad.
Posted on Feb 15 / 2022
Cyber Intelligence Weekly (Feb 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Laundering $4.5 Billion of Bitcoin is Apparently Pretty Difficult, Decryptor Released for Several Ransomware Strains, IRS Transitions Away from Plans to use Facial Recognition
Posted on Feb 13 / 2022
Cyber Intelligence Weekly (Feb 6, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Chinese Surveillance Key Area of Concern as 2022 Olympics Kickoff, Major German Oil Storage Company Hit by BlackCat Ransomware, and Man at Home in Pajamas, Takes Down North Korean Internet
Posted on Feb 06 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
GraphQL is a commonly used query language for manipulating APIs. Properly secured, it is a useful tool for web application development. Configured improperly, it can have devastating results.
Posted on Jan 31 / 2022
Continuous Penetration Testing: Shattering the Hourglass
Threats are continuously evolving - your pen testing should too. As attackers constantly find new vulnerabilities to exploit, a continuous penetration testing approach persistently emulates threat actor activity within a company’s unique environment, helping them stay secure over time.
Posted on Jan 31 / 2022
Cyber Intelligence Weekly (Jan 30, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Supposed Belarusian “Hacktivists” Disrupt Belarusian Railways with Ransomware, Ukraine Wiper Malware Used Code Repurposed from Another Ransomware, and White House Making Good on Promised Cyber Strategy.
Posted on Jan 30 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Password Reset features can be dangerous and must be implemented securely. Otherwise, user accounts can be compromised.
Posted on Jan 24 / 2022
Cyber Intelligence Weekly (Jan 23, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Crypto.com Loses $30 Million in Crypto Through Hack, Cyberattack Affects Red Cross Work, Exposes Confidential Data for Vulnerable People, Hackers Got Comfy Inside Ukrainian Systems for Months Before Launching Attacks
Posted on Jan 23 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Detailed error messages may seem unimportant, but they can be very valuable for attackers. Here's more on why they are important and how you can fix this web app vulnerability.
Posted on Jan 18 / 2022
Cyber Intelligence Weekly (Jan 16, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Russia Pretends to Care About Criminal Cybersecurity Activity for a Day, Ukraine State Websites Hit with Cyber Attack, and EU Police Agency, Europol, Forced to Delete Mass Amounts of Personal Data
Posted on Jan 16 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hidden dangers within your web app’s ‘invite’ feature, why it matters, and how you can fix it.
Posted on Jan 13 / 2022
CMMC 2.0 - Three Big Reasons to Start the Compliance Process Now
The DoD’s Cybersecurity Maturity Model Certification (CMMC 2.0) framework is changing, but there are many advantages to beginning your compliance journey now rather than later.
Posted on Jan 13 / 2022
Cyber Intelligence Weekly (Jan 9, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Commercial Antivirus Products Now Come with Free Crypto Miners! (Not Kidding), Stalking/Privacy Concerns Abound with Apple AirTag Device, and Russian IT Exec Recently Captured for Insider Trading May Have Deep Kremlin Ties
Posted on Jan 09 / 2022
Cyber Intelligence Weekly (Jan 2, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Cheers to Y2K22! Should old acquaintance Microsoft Exchange be forgot, and never brought to mind?, Users of Popular Password Manager Targeted in Credential Stuffing Attacks, and Shutterfly Hit with Massive Ransomware Attack
Posted on Jan 02 / 2022
Top 10 Cybersecurity Articles in 2021
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2021.
Posted on Dec 20 / 2021
Cyber Intelligence Weekly (Dec 19, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Log4j Fallout Continues and New Vulnerabilities Uncovered, What Management Should be Asking About Log4j/Log4Shell, Microsoft and Mandiant Observe Exploitation of Log4Shell in the Wild
Posted on Dec 19 / 2021
Log4shell: How Attackers are (Currently) Breaking the Internet, and How to Mitigate
Websites are like buildings. If your website's foundation is vulnerable to Log4j, check out this overview of the attack, how to test for it, and how to mitigate it.
Posted on Dec 16 / 2021
Top 7 Cybersecurity Predictions for 2022
As 2021 winds down, we take a peek into the future of cybersecurity for 2022. Will our predictions come true?
Posted on Dec 14 / 2021
Cyber Intelligence Weekly (Dec 12, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Critical Vulnerability in Ubiquitous Java Logging Utility, Log4j, America Runs on D̶u̶n̶k̶i̶n̶ AWS, Emotet Malware Making a Strong Comeback
Posted on Dec 12 / 2021
Cyber Intelligence Weekly (Dec 5, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Former Ubiquiti Developer Charged by FBI for Extorting His Employer, NSO Group Tools Target U.S. and Other Officials in Uganda, and Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos
Posted on Dec 05 / 2021
Cyber Intelligence Weekly (Nov 28, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: GoDaddy Announces Security Incident Affecting Managed WordPress Service, Apple Sues NSO Group to Curb the Abuse of State-Sponsored Spyware, Brian Krebs Rings Alarm Bell on Zelle Fraud Scam for a Second Time
Posted on Nov 28 / 2021
Cyber Intelligence Weekly (Nov 21, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: United States Charges Two Iranians with Attempting to Interfere with 2020 Presidential Election, $500 million in Cyber Spending Inches Closer to Reality as Part of 'Build Back Better' Bill, and Cisa Release Playbook for Incident Response.
Posted on Nov 21 / 2021
Cyber Intelligence Weekly (Nov 14, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Robinhood Announces Data Breach, Millions of Records Involved, FBI Systems Abused in Hoax Email Blast, 50+ Flaws In This Month’s Patch Tuesday from Microsoft.
Posted on Nov 14 / 2021
Embracing New Technology? Here’s How to Keep Cybersecurity Top of Mind
As technology advances at an unprecedented pace, many businesses are aggressively accelerating adoption to maintain a competitive advantage. But there’s a big risk for those who don’t keep cybersecurity top of mind.
Posted on Nov 10 / 2021
Cyber Intelligence Weekly (Nov 7, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Department of Defense Cybersecurity Framework - CMMC - Gets Major Overhaul, Company Directors and Boards in the Crosshairs Over Cyber Incidents, and Israeli Spyware Producer NSO Group Blacklisted by US Government
Posted on Nov 07 / 2021
CMMC Update: November 5, 2021 - Five Key Takeaways
The Cybersecurity Maturity Model Certification (CMMC) underwent a huge makeover in the last 48 hours. Here is what you need to know.
Posted on Nov 05 / 2021
Cyber Intelligence Weekly (Oct 31, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Sets Sights on Closing the Cybersecurity Skills Gap, PAX Technology Raided by FBI, Key Member of REvil Ransomware Gang Identified.
Posted on Oct 31 / 2021
Cyber Intelligence Weekly (Oct 24, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Ransomware Gang Recruits Tech Talent Through Fake Company, High Profile YouTube Accounts Targets for Hackers, and Maker of Candy Corn Hit by Ransomware
Posted on Oct 24 / 2021
Cyber Intelligence Weekly (Oct 17, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Clicking the F12 Button Considered ‘Hacking’ Per Missouri Governor, Deep Fakes Gaining Steam in Elaborate Social Engineering Attacks, and Phishers Getting Tricky with Coinbase Fraud
Posted on Oct 17 / 2021
Cyber Intelligence Weekly (Oct 10, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Facebook, Instagram and WhatsApp Endure Major Outage, Major Telecom Provider Announces Five-Year-Long Security Breach, and Twitch Confirms Massive Breach, Company Data on 4Chan.
Posted on Oct 10 / 2021
SC Media Interview: Cyber pros used OSINT and sock puppets to aid mass Afghanistan evacuation
In this interview and article from SC Media, Dan Desko and Dahvid Schloss discuss how the Echelon Risk + Cyber team used their cyber skills to help at least 50 Afghan refugees to safety.
Posted on Oct 08 / 2021
Risk + Cyber Perspectives: Securing Financial Services
In this video discussion with Matt Tolbert, Senior Cybersecurity Examiner for the Federal Reserve Bank of Cleveland, Matt and Dan discuss risks of remote workforces, planning for disruptions, mitigating 3rd party risks, going to the cloud, supply chain threats, and resilience in the future.
Posted on Oct 07 / 2021
Case Study: Bell and Howell Improves Cyber Posture with Echelon’s Unique Collaborative Approach to Pen Testing
Bell and Howell partnered with Echelon Risk + Cyber to test the security of their systems, ensuring that they will continue to be protected from future cyberattacks and avoid any future disruption to their systems.
Posted on Oct 06 / 2021
Mission Matters Interview: Dan Desko + Adam Torres
Our CEO and Founder Dan Desko was recently interviewed for Mission Matters Innovation with Adam Torres. The interview focuses on our core belief that security and privacy are basic human rights. We're built to live that mission every day.
Posted on Oct 06 / 2021
Cyber Intelligence Weekly (Oct 3, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Death of Infant Nicko Silar Blamed on Ransomware, MFA Meets its Match?, and VMware vCenter Server Critical Vulnerability Exploited in the Wild.
Posted on Oct 03 / 2021
Banking in the Cloud: Key Considerations for IT Leaders
Considering a move to the cloud? There's a lot to think about, especially for financial institutions. This article lays out those obstacles and some considerations for overcoming them.
Posted on Sep 28 / 2021
Cyber Intelligence Weekly (Sept 26, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: 2021 Record Year for Zero-Day Exploits, Massive Credential Leakage Occurring Through Microsoft Autodiscover, and FBI Held Back Kaseya Ransomware Decryption Keys for Weeks
Posted on Sep 26 / 2021
Four Ways to Spice Up Your Penetration Testing Routine
Another year, another penetration test? Attackers are evolving, and so should you. Here are four ways to spice up your pen testing routine to be better prepared and reduce your attack surface.
Posted on Sep 22 / 2021
Cyber Intelligence Weekly (Sept 19, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Customer Service Outsourcing Giant TTEC Hit by Ransomware, Apple Releases Patch for Zero-Day, and Another Major Microsoft Vulnerability.
Posted on Sep 19 / 2021
Cyber Intelligence Weekly (Sept 12, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Zero Day exploited in the wild, hundreds of public companies in the SEC cyber hot seat for SolarWinds breach, and UN falls victim to major breach.
Posted on Sep 12 / 2021
Cyber Intelligence Weekly (Sept 5, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Cybersecurity awareness during upcoming holidays, Atlassian Confluence security advisory, and WhatsApp privacy breach fines.
Posted on Sep 05 / 2021
Cyber Intelligence Weekly (Aug 29, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Biden gets cyber commits from big tech, MS Power Apps leave data exposed, and CosmosDB vulnerabilities.
Posted on Aug 30 / 2021
DefCon 29 in Review: The Best Sessions, Badge Spoilers and More
Have you solved your badges yet? With another DefCon in the books, here's our take on the best sessions and a close up look at some of the badges.
Posted on Aug 26 / 2021
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
From a hacker’s perspective, the essence of password security boils down to two things: how guessable is it and how easy is it to crack encrypted passwords. Here are our tips for creating stronger passwords.
Posted on Aug 24 / 2021
Cyber Intelligence Weekly (Aug 22, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: massive insider threat is looming, BlackBerry vulnerabilities, and updates on previous CIW stories.
Posted on Aug 22 / 2021
Cyber Intelligence Weekly (Aug 15, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: data breach at T-Mobile, Apple's privacy nightmare, and Microsoft needs to patch patching.
Posted on Aug 16 / 2021
Cyber Intelligence Weekly (Aug 8, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Federal agencies failing at cyber, Apple scans your iCloud photos, and a disgruntled ransomware worker acts out.
Posted on Aug 08 / 2021
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
More people fell victim to phishing than any other form of internet crime in 2020, and this trend is likely to continue. But phishing is not just prevalent - it is evolving. Here are three mitigation strategies for modern phishing techniques, from the perspective of a hacker.
Posted on Aug 04 / 2021
CMMC Compliance 101: Answers to Common Questions
Have you Googled CMMC compliance lately? We want to help clear the air. Avoid the marketing jargon and confusing content with these answers to common questions.
Posted on Aug 02 / 2021
Cyber Intelligence Weekly (Aug 1, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: President Biden's memorandum on Critical Infrastructure Cybersecurity, an FBI official advises against banning ransomware payments, and the search engine for hackable websites returns.
Posted on Aug 01 / 2021
Flexible & Secure Remote Penetration Testing in a Changing World
Over the past year and a half, the worldwide workforce underwent a drastic and rapid paradigm shift that has brought with it new opportunities, attack vectors, and methods to test security. When testing security with penetration testing, partner with a firm using the most modern, advanced tactics to test your readiness for tomorrow’s attackers.
Posted on Jul 29 / 2021