Vulnerability Management: Minimizing Risks, Maximizing Security
In today's digital age, organizations face an ever-increasing number of cyber threats. Cybercriminals are constantly looking for ways to exploit vulnerabilities in an organization's infrastructure, which can result in costly security breaches, loss of sensitive data, and damage to the organization's reputation.
Posted on Mar 31 / 2023
Cyber Intelligence Weekly (March 26, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Is TikTok the Problem, or are We the Problem?, Chinese-Based Pinduoduo App Banned by Google Over Malware Concerns, Ferrari Reveals Cyberattack After Receiving Ransom Demand
Posted on Mar 26 / 2023
Cyber Intelligence Weekly (March 19, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Google’s Mandiant Warns of Stealthy Chinese-Backed Attacks, Feds Charge NY Man as BreachForums Boss “Pompompurin”, SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets
Posted on Mar 19 / 2023
Pen Testing is Not Enough – Red Team Assessments in Healthcare
Learn why pen testing alone isn't enough to secure healthcare organizations from cyber threats, and how red team assessments can help identify and mitigate vulnerabilities. Here's a comprehensive overview of red teaming and its importance in healthcare cybersecurity.
Posted on Mar 14 / 2023
Cyber Intelligence Weekly (March 12, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC Fines Blackbaud $3 Million for Misleading Disclosures About Ransomware Attack, Minneapolis Public Schools Held Hostage by Medusa Ransomware Gang, U.S. Marshals Service Hit with Ransomware Attack and Data Breach
Posted on Mar 12 / 2023
eLearnSecurity Certified Professional Penetration Tester (eCPPT): Overview and How to Prepare for the Exam
Preparing for the eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) exam? Here are three experiences from the Echelon Offensive Security Team and tips on how to prepare.
Posted on Mar 06 / 2023
Cyber Intelligence Weekly (March 5, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Biden-Harris Administration Announces National Cybersecurity Strategy, LastPass Security Breach: A Lesson on the Power of Timely Software Updates, Dish Network Hit by Ransomware Attack, Data Stolen by Cybercriminals
Posted on Mar 05 / 2023
Cyber Intelligence Weekly (February 26, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Atlassian Investigates Breach as Hackers Publish Stolen Data Online, Pepsi Bottling, Where’s My Data?, Sensitive US Military Emails Exposed on Misconfigured Server
Posted on Feb 26 / 2023
Cyber Intelligence Weekly (February 19, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: GoDaddy Suffers Three-Year Cyberattack Siege by Hackers, Cybersecurity Incident at MKS Blamed for Sales Shortfall for Applied Materials, CNN Reports that FBI Systems Were Breached by Hackers
Posted on Feb 19 / 2023
eJPTv2 Certification: Overview and How to Prepare for the Exam
The eJPTv2 certification is a globally recognized entry-level information security certification that validates practical penetration testing skills. Take a look at this article redacted by our Offsec team where they provide an overview of the certification and tips on how to prepare for the exam.
Posted on Feb 16 / 2023
Cyber Intelligence Weekly (February 12, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang, TruthFinder and Instant Checkmate Background Check Services Suffer Massive Breach, Toyota’s Global Supplier Management Network System Pwn’ed by Security Researcher
Posted on Feb 12 / 2023
Practical Strategies to Enhance Your Organization’s Information Security Awareness and Training Program
When it comes to cybersecurity, all organizations share a similar risk – the possibility of human error. When it comes to educating your people about cyber, one size does NOT fit all. Here are six strategies to mature your information security awareness and training program.
Posted on Feb 09 / 2023
Cyber Intelligence Weekly (February 5, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: GoodRx Hit with $1.5 Million Fine for Sharing User’s Health Data, VMware ESXi Servers Targeted in Massive Worldwide Ransomware Attack, Threat Actors Abuse Microsoft’s Verified Publisher Status to Carry Out Attacks
Posted on Feb 05 / 2023
Cyber Intelligence Weekly (January 29, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Riot Games League of Legends Source Code Stolen, Hackers Demand $10 Million, For LastPass Owner, GoTo, Breach Situation Gets Worse, CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software
Posted on Jan 29 / 2023
Cyber Intelligence Weekly (January 22, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: New T-Mobile Breach Affects 37 Million Accounts, Thousands of Norton LifeLock Customer Accounts Breached, Third-Party Administrator, Bay Bridge, Notifies Patients of Data Breach
Posted on Jan 22 / 2023
Cyber Intelligence Weekly (January 15, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Royal Mail Service Interrupted After Ransomware Attack, Police App Leaks Secret Details About Raids and Personal Data About Suspects, FAA Blames Massive Outage on Database Integrity Issue
Posted on Jan 15 / 2023
Cyber Intelligence Weekly (January 8, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Slack’s GitHub Compromised Over the Holidays, Zero-Day to Blame for Rackspace Breach, U.S. Nuclear Scientists Were Targeted by Russian Hackers.
Posted on Jan 09 / 2023
Cyber Intelligence Weekly (January 1, 2023): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: The LastPass Hack, What You Need to Know, The Worst Hacks of 2022, The Equifax Breach Settlement Offer is Real, For Now
Posted on Jan 01 / 2023
Cyber Intelligence Weekly (December 18, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Stolen Information on More Than 80K InfraGard Members Is Allegedly Being Sold on the Dark Web, Former Twitter Employee Hit with Jail Sentence for Spying for Saudi Arabia, Rackspace Hosted Exchange Email Capabilities Still Offline After Ransomware Attack
Posted on Dec 18 / 2022
Top 10 Cybersecurity Articles in 2022
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2022.
Posted on Dec 12 / 2022
Cyber Intelligence Weekly (December 11, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: New Ransom Payment Schemes Target Executives, Telemedicine, Majority of U.S. Defense Contractors Not Meeting Basic Cyber Requirements, ChatGPT Unlocking the Potential of AI For Threat Actors?
Posted on Dec 11 / 2022
Cyber Intelligence Weekly (December 4, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: LastPass Announces Another Security Incident, Huge Trove of Phone Numbers (360 Million) for Sale on Dark Web, Krebs Notes That ConnectWise Quietly Patches Flaw That Helps Phishers
Posted on Dec 04 / 2022
Hacker’s Perspective: Securing JSON Web Tokens
If you are a modern-day developer, you’re probably plenty familiar with JSON Web Tokens (JWT’s). They perform their job efficiently when correctly implemented. Unfortunately, they can also be vulnerable to malicious threat actors.
Posted on Nov 28 / 2022
Cyber Intelligence Weekly (November 27, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Department of Defense Releases Zero Trust Strategy and Roadmap, FCC Bans Authorizations for Devices That Pose National Security Threat, Hundreds Arrested in UK Fraud Service Website iSpoof
Posted on Nov 27 / 2022
Cyber Intelligence Weekly (November 20, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: CISA Announces Iranian Government-Sponsored APT Actors Compromise Federal Network, Researchers Quietly Cracked Zeppelin Ransomware Keys, Russian Software Disguised as American Present in 8,000+ Apps
Posted on Nov 20 / 2022
Cyber Intelligence Weekly (November 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Twitter Verification Mess Causing Billion Dollar Losses in the Stock Market, Australian Federal Police to Hackers, “We Know Who You Are”, Feds Seize $3.36 Billion in Cryptocurrency Hidden Under Floorboards (This is a real story!)
Posted on Nov 13 / 2022
ISO/IEC 27001:2022 – Your Guide to the Updates and How to Get (and Stay) Compliant
The highly anticipated ISO 27001:2022 updates modernize the standard to keep up with the evolving cyber landscape. Here's everything you need to know about the changes and how you can get (and stay) compliant.
Posted on Nov 11 / 2022
Bite-Sized Cyber Essentials: Network VPNs
Virtual Private Networks (VPNs) are often presented as the ultimate tool for privacy and anonymity. But this is a strong misconception. Using a VPN does not guarantee protection from location tracking, social and web profiling, and most importantly, using a VPN does not guarantee anonymity.
Posted on Nov 09 / 2022
Cyber Intelligence Weekly (November 6, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: United States Exploring Review of Twitter Deal, Ties to Foreign Investments, Snack Maker Mondelez Settles NotPetya 'Act of War' Insurance Suit with Zurich, NSA Watchdog Concluded One Analyst’s Surveillance Project Went Too Far
Posted on Nov 06 / 2022
Cyber Intelligence Weekly (October 30, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Advocate Aurora Health Confirms Breach of Millions of Patient Records Due to Meta Pixel, Misconfigured Microsoft Data Bucket Leaks Sensitive Data of 65,000+ Entities, LockBit Group Says They Stole 1.4TB of Data From UK’s Kingfisher Insurance
Posted on Oct 30 / 2022
Cyber Intelligence Weekly (October 23, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Australia’s Largest Healthcare Insurer Confirms Data Breach, CISA Begins Request for Comments on Microsoft 365 Security Configuration Baselines, Feds Warn About Ransomware Threats to Healthcare Organizations
Posted on Oct 23 / 2022
Case Study: Utility Cloud Partners with Echelon to Boost Security of their Web Application
Utility Cloud is an operations management software designed to help utilities such as water, wastewater, and natural gas digitally manage their assets and work orders. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Oct 21 / 2022
Cyber Intelligence Weekly (October 16, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Vulnerable Fortigate Products FortiOS / FortiProxy / FortiSwitchManager Allow Authentication Bypass on Administrative Interface, Ferrari Denies Data Breach and Ransomware Attack Following Gang’s Online Claims, GCHQ Head says Chinese Tech Poses Major Risk
Posted on Oct 16 / 2022
Bite-Sized Cyber Essentials: Password Practices and Password Managers
Passwords have not gone away yet. Although there may be new forms of logging in, such as biometric logins, passwords still ultimately serve as our master key to sign in. This means we need to take better care of how we create, use, and store our passwords.
Posted on Oct 12 / 2022
Bite-Sized Cyber Essentials: Multi-Factor Authentication
Multi-factor authentication (MFA) is the process of having more than one form of authentication to ensure that if one methods is compromised, an attacker is still unable to access the account.
Posted on Oct 12 / 2022
Cyber Intelligence Weekly (October 9, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Former Chief Security Officer Of Uber Convicted Of Federal Charges For Covering Up Data Breach, LA School’s Stolen Data More Sensitive than Expected,Russian Speaking Hackers Knock US State Government Websites Offline.
Posted on Oct 10 / 2022
Cyber Intelligence Weekly (October 2, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Exchange Server Experiencing Two New Zero-Day Vulnerabilities, LinkedIn Riddled with Fake Fortune 500 CISO Profiles, Fast Company Content Management System Hacked, Offensive Apple News Alert Sent
Posted on Oct 02 / 2022
Cyber Intelligence Weekly (September 25, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager, American Airlines Data Breach Exposes Employee and Customer Data, Australian Telecom Giant Optus Suffers Hack
Posted on Sep 25 / 2022
Cyber Intelligence Weekly (September 18, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week:
Posted on Sep 18 / 2022
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
Buckle up for the story of how the Echelon team won the coveted DEF CON Black Badge, and dive deep into Ross Flynn's detail breaking down the Black Badge.
Posted on Sep 13 / 2022
Cyber Intelligence Weekly (September 11, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Security Officials Concerns Raised Over Liability for Attacks, GIFShell attack creates reverse shell using Microsoft Teams GIFs, New Google Chrome Zero-Day Has Users Scrambling to Update
Posted on Sep 11 / 2022
Cyber Intelligence Weekly (September 4, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Chinese Database with Facial Recognition and License Plate Data Leaked, Nelnet Servicing Breach Exposes Data of 2.5M Student Loan Accounts, Italian Oil Giant, Eni, Hit by Hackers
Posted on Sep 04 / 2022
Cyber Intelligence Weekly (August 28, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Popular Password Manager LastPass Suffers Security Incident, Mudge has some Serious Twitter Beef, Roasting 0ktapus: The Phishing Campaign Going after Okta Identity Credentials
Posted on Aug 28 / 2022
Are Your Vendors “Tall enough to Ride the Ride”?
We can think about an amusement park’s rider height and restriction requirements as a useful way to describe risk tolerances when onboarding new vendors or increasing scopes of work to existing ones.
Posted on Aug 22 / 2022
Cyber Intelligence Weekly (August 21, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: TikTok’s Built-In Browser Can Log Keystrokes, Researcher Says, Lloyd’s of London to Exclude State-Backed Cyber Attacks from all Coverage, 1,900 Signal User’s Numbers Exposed Due to Twilio Breach
Posted on Aug 21 / 2022
Cyber Intelligence Weekly (August 14, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Sounding the Alarm on the Emergency Alert System (EAS), Starlink Satellite Dish Hacked with $25 in Parts, Cisco Confirms Cyber Attack in May of 2022, Ties to $Lapsus
Posted on Aug 14 / 2022
Cyber Intelligence Weekly (August 7, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: A Peek into Microsoft’s Microsoft Offensive Research & Security Engineering (MORSE) Team; Scammers Sent Uber to Take Elderly Lady to the Bank; Another Rough Week for Web3, Dual Hacks Causing Havoc
Posted on Aug 08 / 2022
Cyber Intelligence Weekly (July 31, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: UEFI Rootkits, Hidden Lurking Malware, Untangling KNOTWEED, Microsoft Highlights Austrian Cyber Actor in Latest Blog, Hacker Teaches How to Shoplift at Recent Conference.
Posted on Aug 01 / 2022
Cyber Intelligence Weekly (July 24, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Data of 5.4 Million Twitter Users is Allegedly up for Sale, Popular NFT Queue Software PREMINT Compromised, $375k in NFT’s Stolen, Russian Hackers Released Fake Pro-Ukrainian App to Track Users and Infrastructure
Posted on Jul 24 / 2022
Cyber Intelligence Weekly (July 17, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Amazon Handed Ring Videos to Police Without Warrants, Honda Key Fob Hack Allows Anyone to Remotely Unlock Honda Cars, North Korean Operatives are Trying to Infiltrate US Crypto Firms
Posted on Jul 17 / 2022
Cyber Intelligence Weekly (July 10, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Florida Man Arrested for Selling $1 Billion in Fake Cisco Hardware on Amazon, eBay, Apple Unveils new “Lockdown Mode” to Protect Users from Targeted Spyware, NFT Marketplace OpenSea Reports Massive Email Data Breach
Posted on Jul 10 / 2022
Cyber Intelligence Weekly (July 3, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Flagstar Bank Breach Affects over 1.5 Million Customers, Attorney General James Secures $400,000 From Wegmans After Data Breach Exposed Consumers’ Personal Information, Microsoft Finds Raspberry Robin Worm in Hundreds of Windows Networks.
Posted on Jul 05 / 2022
Cyber Intelligence Weekly (June 26, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: The TikTok Tapes, Leaked Meeting Recordings Show US User Data Accessed Regularly in China, Microsoft Releases New Report; Defending Ukraine, Early Lessons from the Cyber War, Users Being Targeted by New Zero-Day Spyware, Hermit
Posted on Jun 26 / 2022
RSA 2022 Recap: Our Main Takeaways
This year’s RSA 2022 event was centered around the theme of “Transform,” which is really on-point for the world we live in. Here are Paul Matvey's big takeaways from the event.
Posted on Jun 20 / 2022
Cyber Intelligence Weekly (June 19, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: L3Harris Technologies in Talks to Buy NSO Groups Hacking Tools, Actively Exploited Follina Vulnerability Finally Addressed in Latest Windows CU, Hacked Email Account Potentially Led to Breach at Kaiser Permanente
Posted on Jun 19 / 2022
Cyber Intelligence Weekly (June 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: NSA, CISA, and FBI Expose PRC State-Sponsored Exploitation of Network Providers, Devices, Back From the Dead, Emotet Returns in 2022, Follina Exploiters Growing by the Day, Still No Patch from Microsoft
Posted on Jun 12 / 2022
Cyber Intelligence Weekly (June 5, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft “Follina” Zero-Day Vulnerability Causing Worldwide Concern, Massive Cyberattacks Crippling Costa Rica and Several Universities Put on Watch, Credentials Offered for Sale
Posted on Jun 05 / 2022
Postcard from the 2022 PA Bankers Convention
Upon returning home from Scottsdale, AZ for the PA Bankers Convention of 2022, I had some time to reflect on my three key takeaways from my time spent amongst leaders in the great banking industry of Pennsylvania.
Posted on May 29 / 2022
Cyber Intelligence Weekly (May 29, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft “Raising the Baseline Security for all Organizations in the World”, FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads, Hacker Steals Data on Hundreds of Verizon Employees
Posted on May 29 / 2022
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
File uploads are ubiquitous, making them a prime target for attackers. Here's how ethical hackers test your resilience against these kinds of attacks.
Posted on May 25 / 2022
Cyber Intelligence Weekly (May 22, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act, Flaw in Texas Website Exposed 1.8 Million Resident’s Data for Years, and Microsoft Bing’s Chinese Political Censorship of Autosuggestions in North America.
Posted on May 22 / 2022
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Are you exposing your company's internal data? Algolia APIs are extremely useful for efficient access to stored data, but the keys used to access them are easily misconfigured and can give attackers access to allow an attacker to launch a site-wide attack.
Posted on May 16 / 2022
Cyber Intelligence Weekly (May 15, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Thousands of Websites Collect Your Data in Web Forms Before Form Submission, DEA Law Enforcement Portal Possibly Breached, Businesses Seek to Soften Up SEC Cybersecurity Reporting and Disclosure Rules
Posted on May 15 / 2022
Cyber Intelligence Weekly (May 8, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Data Broker Is Selling Location Data of People Who Visit Abortion Clinics, Nakasone Says Cyber Command Did Nine 'Hunt Forward' Ops Last Year, Heroku Recently Forced Customer Password Resets After GitHub OAuth Token Theft
Posted on May 08 / 2022
Cyber Intelligence Weekly (May 1, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Russia Sanctions Complicate Paying Ransomware Hackers, French Fiber Optic Attack Highlights Physical Vulnerabilities to Critical Infrastructure, FBI Conducted Millions of Searches of Americans’ Data Last Year
Posted on May 01 / 2022
Cyber Intelligence Weekly (April 24, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: T-Mobile Breached Again, This Time by Lapsus$, Criminals Abuse Apple Pay in Spending Sprees, Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities
Posted on Apr 24 / 2022
Right in your Lapsus$ – How Attackers are Playing a Different Game
Many cutting-edge security programs base their defenses on sophisticated, nation-state level threat actors. How, then, have so many of them gotten hacked recently by a new and less-sophisticated group, Lapsus$?
Posted on Apr 19 / 2022
Cyber Intelligence Weekly (April 17, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems, Widely Used Autonomous Hospital Robots at Risk of Remote Hijacking, Mirai Malware Leveraging Spring4Shell Exploits for Botnet Delivery
Posted on Apr 17 / 2022
What the Lapsus$ Attacks Should Teach Us About Third-Party Insider Threat
The Lapsus$ attacks have helped companies realize that third-party vendors can be the 'weakest link' within their own organizations. This article summarizes what companies can learn (and do) to protect data.
Posted on Apr 11 / 2022
Cyber Intelligence Weekly (April 10, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: US Government Disrupts Russian Government Controlled Botnet, German Federal Police Shut Down Russia’s Dark Web Market, Hydra, Block Says Former Worker Accessed U.S. Customer Data Without Approval
Posted on Apr 10 / 2022
Looking Inward, Charting a New Course for Effective TPRM
Most current third-party risk management (TPRM) programs are external-facing. But what if the greatest threat to your organization wasn’t external?
Posted on Apr 06 / 2022
Cyber Intelligence Weekly (April 3, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Software Giant Globant Confirms Breach after LAPSUS$ Shares 70GB of Stolen Data, Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”, Critical GitLab Vulnerability Allows Attackers to Take Over Accounts
Posted on Apr 03 / 2022
Adaptability and Perseverance – Breaking Down CrowdStrike’s Perspective on the 2022 Global Threat Landscape
The year 2021 brought about some serious cyber challenges. This article summarizes key takeaways from CrowdStrike's Global Threat Landscape report, provides a breakdown of the five 2021 themes, and gives our take on seven recommendations that resonate most with us.
Posted on Apr 01 / 2022
Cyber Intelligence Weekly (March 27, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Okta Compromise by LAPSUS$ Causes Massive Concern, LAPSUS$ Hackers Leak 37GB of Microsoft's Alleged Source Code, U.K. Police Arrest 7 Related to LAPSUS$ Hacks on Tech Firms
Posted on Mar 27 / 2022
The Countdown Begins for Financial Institutions Using FedLine Solutions
In January 2021, the Federal Reserve Banks implemented the Security and Resiliency Assurance Program outlining new compliance requirements for banks that use FedLine® by the end of 2022. This article outlines everything you need to know about this new program.
Posted on Mar 23 / 2022
Cyber Intelligence Weekly (March 20, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Germany Warns Against Use of Kaspersky Antivirus Software, Microsoft Defender Tags Office Updates as Ransomware Activity, Ukraine’s President Zelensky Deepfaked in False Surrender Tactic
Posted on Mar 20 / 2022
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
The eWPTX is an expert-level certification covering advanced web application exploitation and analysis. Here’s one cybersecurity consultant’s experience and tips on how to prepare.
Posted on Mar 17 / 2022
Maturing Your IAM Program Part One: Role-Based Access Control (RBAC)
Role Based Access Control (RBAC) has become the holy grail of access management. So why isn't everyone using it? Here are a few tips on how to strategically approach your RBAC adoption journey.
Posted on Mar 16 / 2022
Cyber Intelligence Weekly (March 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: SEC Steps up Cybersecurity Requirements in a Big Way, Hackers in Space Disrupt Satellite Systems and Customers, Serious Flaw Found in Microsoft’s Azure Automation Service
Posted on Mar 13 / 2022
Cyber Intelligence Weekly (March 6, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Senate Passes Cyber Incident Reporting Bill, House Next Up, Kinetic and Cyber Warfare, Microsoft Responds, Conti Ransomware Group Data Leaked by Security Researcher
Posted on Mar 06 / 2022
The Countdown is On: New Cyber Incident Reporting Requirements for Banks
Lawmakers have argued about mandatory cyber incident reporting for years, but it has never gained the traction needed to become widespread law. For those in the banking industry, this is all about to change.
Posted on Mar 02 / 2022
Echelon Risk + Cyber Joins CrowdStrike’s Elevate Partner Program
Partnership Delivers Best-in-Class Solutions and Services to Help Companies Stop Breaches and Achieve a Higher Level of Endpoint Protection
Posted on Feb 28 / 2022
Cyber Intelligence Weekly (Feb 27, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Ukrainian Hacktivists Fight Back Against Russian Aggressors in Cyber Space, F12 Does Not Equal Hacking, Missouri Governor’s Call for Investigation Proves Worthless, and South Korean Researchers Crack Code for Hive Ransomware
Posted on Feb 27 / 2022
Case Study: MetaOptima Enhances Security Practices through a Web Application Assessment
As an organization that stores sensitive medical data, MetaOptima is focused on investing in their security posture. Here's how Echelon Risk + Cyber helped ensure they are functioning at their most secure level.
Posted on Feb 22 / 2022
Cyber Intelligence Weekly (Feb 20, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: San Francisco 49ers Hit with Ransomware Attack, As Russia/Ukraine Tensions Mount, So Do Cyber Concerns Globally, No One Cares About Your Wordle Score, Or Your Privacy
Posted on Feb 20 / 2022
How Safe is it to Scan a QR Code?
QR codes are clever (just ask Coinbase), but they can be security nightmares. Here’s what our CEO, Dan Desko, had to say when he was interviewed about this year’s Super Bowl ad.
Posted on Feb 15 / 2022
Cyber Intelligence Weekly (Feb 13, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Laundering $4.5 Billion of Bitcoin is Apparently Pretty Difficult, Decryptor Released for Several Ransomware Strains, IRS Transitions Away from Plans to use Facial Recognition
Posted on Feb 13 / 2022
Cyber Intelligence Weekly (Feb 6, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Chinese Surveillance Key Area of Concern as 2022 Olympics Kickoff, Major German Oil Storage Company Hit by BlackCat Ransomware, and Man at Home in Pajamas, Takes Down North Korean Internet
Posted on Feb 06 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
GraphQL is a commonly used query language for manipulating APIs. Properly secured, it is a useful tool for web application development. Configured improperly, it can have devastating results.
Posted on Jan 31 / 2022
Continuous Penetration Testing: Shattering the Hourglass
Threats are continuously evolving - your pen testing should too. As attackers constantly find new vulnerabilities to exploit, a continuous penetration testing approach persistently emulates threat actor activity within a company’s unique environment, helping them stay secure over time.
Posted on Jan 31 / 2022
Cyber Intelligence Weekly (Jan 30, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Supposed Belarusian “Hacktivists” Disrupt Belarusian Railways with Ransomware, Ukraine Wiper Malware Used Code Repurposed from Another Ransomware, and White House Making Good on Promised Cyber Strategy.
Posted on Jan 30 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Password Reset features can be dangerous and must be implemented securely. Otherwise, user accounts can be compromised.
Posted on Jan 24 / 2022
Cyber Intelligence Weekly (Jan 23, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Crypto.com Loses $30 Million in Crypto Through Hack, Cyberattack Affects Red Cross Work, Exposes Confidential Data for Vulnerable People, Hackers Got Comfy Inside Ukrainian Systems for Months Before Launching Attacks
Posted on Jan 23 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Detailed error messages may seem unimportant, but they can be very valuable for attackers. Here's more on why they are important and how you can fix this web app vulnerability.
Posted on Jan 18 / 2022
Cyber Intelligence Weekly (Jan 16, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Russia Pretends to Care About Criminal Cybersecurity Activity for a Day, Ukraine State Websites Hit with Cyber Attack, and EU Police Agency, Europol, Forced to Delete Mass Amounts of Personal Data
Posted on Jan 16 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hidden dangers within your web app’s ‘invite’ feature, why it matters, and how you can fix it.
Posted on Jan 13 / 2022
CMMC 2.0 - Three Big Reasons to Start the Compliance Process Now
The DoD’s Cybersecurity Maturity Model Certification (CMMC) framework is changing, but there are many advantages to beginning your compliance journey now rather than later.
Posted on Jan 13 / 2022
Cyber Intelligence Weekly (Jan 9, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Commercial Antivirus Products Now Come with Free Crypto Miners! (Not Kidding), Stalking/Privacy Concerns Abound with Apple AirTag Device, and Russian IT Exec Recently Captured for Insider Trading May Have Deep Kremlin Ties
Posted on Jan 09 / 2022
Cyber Intelligence Weekly (Jan 2, 2022): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Cheers to Y2K22! Should old acquaintance Microsoft Exchange be forgot, and never brought to mind?, Users of Popular Password Manager Targeted in Credential Stuffing Attacks, and Shutterfly Hit with Massive Ransomware Attack
Posted on Jan 02 / 2022
Top 10 Cybersecurity Articles in 2021
At Echelon, our team takes pride in contributing to and participating in our cybersecurity community. We regularly publish articles on our Intelligence blog to help our clients (and everyone!) stay vigilant. Here are the top 10 articles from 2021.
Posted on Dec 20 / 2021
Cyber Intelligence Weekly (Dec 19, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Log4j Fallout Continues and New Vulnerabilities Uncovered, What Management Should be Asking About Log4j/Log4Shell, Microsoft and Mandiant Observe Exploitation of Log4Shell in the Wild
Posted on Dec 19 / 2021
Log4shell: How Attackers are (Currently) Breaking the Internet, and How to Mitigate
Websites are like buildings. If your website's foundation is vulnerable to Log4j, check out this overview of the attack, how to test for it, and how to mitigate it.
Posted on Dec 16 / 2021
Top 7 Cybersecurity Predictions for 2022
As 2021 winds down, we take a peek into the future of cybersecurity for 2022. Will our predictions come true?
Posted on Dec 14 / 2021
Cyber Intelligence Weekly (Dec 12, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Critical Vulnerability in Ubiquitous Java Logging Utility, Log4j, America Runs on D̶u̶n̶k̶i̶n̶ AWS, Emotet Malware Making a Strong Comeback
Posted on Dec 12 / 2021
Cyber Intelligence Weekly (Dec 5, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Former Ubiquiti Developer Charged by FBI for Extorting His Employer, NSO Group Tools Target U.S. and Other Officials in Uganda, and Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos
Posted on Dec 05 / 2021
Cyber Intelligence Weekly (Nov 28, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: GoDaddy Announces Security Incident Affecting Managed WordPress Service, Apple Sues NSO Group to Curb the Abuse of State-Sponsored Spyware, Brian Krebs Rings Alarm Bell on Zelle Fraud Scam for a Second Time
Posted on Nov 28 / 2021
Cyber Intelligence Weekly (Nov 21, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: United States Charges Two Iranians with Attempting to Interfere with 2020 Presidential Election, $500 million in Cyber Spending Inches Closer to Reality as Part of 'Build Back Better' Bill, and Cisa Release Playbook for Incident Response.
Posted on Nov 21 / 2021
Cyber Intelligence Weekly (Nov 14, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Robinhood Announces Data Breach, Millions of Records Involved, FBI Systems Abused in Hoax Email Blast, 50+ Flaws In This Month’s Patch Tuesday from Microsoft.
Posted on Nov 14 / 2021
Embracing New Technology? Here’s How to Keep Cybersecurity Top of Mind
As technology advances at an unprecedented pace, many businesses are aggressively accelerating adoption to maintain a competitive advantage. But there’s a big risk for those who don’t keep cybersecurity top of mind.
Posted on Nov 10 / 2021
Cyber Intelligence Weekly (Nov 7, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Department of Defense Cybersecurity Framework - CMMC - Gets Major Overhaul, Company Directors and Boards in the Crosshairs Over Cyber Incidents, and Israeli Spyware Producer NSO Group Blacklisted by US Government
Posted on Nov 07 / 2021
CMMC Update: November 5, 2021 - Five Key Takeaways
The Cybersecurity Maturity Model Certification (CMMC) underwent a huge makeover in the last 48 hours. Here is what you need to know.
Posted on Nov 05 / 2021
Cyber Intelligence Weekly (Oct 31, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Sets Sights on Closing the Cybersecurity Skills Gap, PAX Technology Raided by FBI, Key Member of REvil Ransomware Gang Identified.
Posted on Oct 31 / 2021
Cyber Intelligence Weekly (Oct 24, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Ransomware Gang Recruits Tech Talent Through Fake Company, High Profile YouTube Accounts Targets for Hackers, and Maker of Candy Corn Hit by Ransomware
Posted on Oct 24 / 2021
Cyber Intelligence Weekly (Oct 17, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Clicking the F12 Button Considered ‘Hacking’ Per Missouri Governor, Deep Fakes Gaining Steam in Elaborate Social Engineering Attacks, and Phishers Getting Tricky with Coinbase Fraud
Posted on Oct 17 / 2021
Cyber Intelligence Weekly (Oct 10, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Facebook, Instagram and WhatsApp Endure Major Outage, Major Telecom Provider Announces Five-Year-Long Security Breach, and Twitch Confirms Massive Breach, Company Data on 4Chan.
Posted on Oct 10 / 2021
SC Media Interview: Cyber pros used OSINT and sock puppets to aid mass Afghanistan evacuation
In this interview and article from SC Media, Dan Desko and Dahvid Schloss discuss how the Echelon Risk + Cyber team used their cyber skills to help at least 50 Afghan refugees to safety.
Posted on Oct 08 / 2021
Risk + Cyber Perspectives: Securing Financial Services
In this video discussion with Matt Tolbert, Senior Cybersecurity Examiner for the Federal Reserve Bank of Cleveland, Matt and Dan discuss risks of remote workforces, planning for disruptions, mitigating 3rd party risks, going to the cloud, supply chain threats, and resilience in the future.
Posted on Oct 07 / 2021
Case Study: Bell and Howell Improves Cyber Posture with Echelon’s Unique Collaborative Approach to Pen Testing
Bell and Howell partnered with Echelon Risk + Cyber to test the security of their systems, ensuring that they will continue to be protected from future cyberattacks and avoid any future disruption to their systems.
Posted on Oct 06 / 2021
Mission Matters Interview: Dan Desko + Adam Torres
Our CEO and Founder Dan Desko was recently interviewed for Mission Matters Innovation with Adam Torres. The interview focuses on our core belief that security and privacy are basic human rights. We're built to live that mission every day.
Posted on Oct 06 / 2021
Cyber Intelligence Weekly (Oct 3, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Death of Infant Nicko Silar Blamed on Ransomware, MFA Meets its Match?, and VMware vCenter Server Critical Vulnerability Exploited in the Wild.
Posted on Oct 03 / 2021
Banking in the Cloud: Key Considerations for IT Leaders
Considering a move to the cloud? There's a lot to think about, especially for financial institutions. This article lays out those obstacles and some considerations for overcoming them.
Posted on Sep 28 / 2021
Cyber Intelligence Weekly (Sept 26, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: 2021 Record Year for Zero-Day Exploits, Massive Credential Leakage Occurring Through Microsoft Autodiscover, and FBI Held Back Kaseya Ransomware Decryption Keys for Weeks
Posted on Sep 26 / 2021
Four Ways to Spice Up Your Penetration Testing Routine
Another year, another penetration test? Attackers are evolving, and so should you. Here are four ways to spice up your pen testing routine to be better prepared and reduce your attack surface.
Posted on Sep 22 / 2021
Cyber Intelligence Weekly (Sept 19, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Customer Service Outsourcing Giant TTEC Hit by Ransomware, Apple Releases Patch for Zero-Day, and Another Major Microsoft Vulnerability.
Posted on Sep 19 / 2021
Cyber Intelligence Weekly (Sept 12, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Microsoft Zero Day exploited in the wild, hundreds of public companies in the SEC cyber hot seat for SolarWinds breach, and UN falls victim to major breach.
Posted on Sep 12 / 2021
Cyber Intelligence Weekly (Sept 5, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Cybersecurity awareness during upcoming holidays, Atlassian Confluence security advisory, and WhatsApp privacy breach fines.
Posted on Sep 05 / 2021
Cyber Intelligence Weekly (Aug 29, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Biden gets cyber commits from big tech, MS Power Apps leave data exposed, and CosmosDB vulnerabilities.
Posted on Aug 30 / 2021
DefCon 29 in Review: The Best Sessions, Badge Spoilers and More
Have you solved your badges yet? With another DefCon in the books, here's our take on the best sessions and a close up look at some of the badges.
Posted on Aug 26 / 2021
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
From a hacker’s perspective, the essence of password security boils down to two things: how guessable is it and how easy is it to crack encrypted passwords. Here are our tips for creating stronger passwords.
Posted on Aug 24 / 2021
Cyber Intelligence Weekly (Aug 22, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: massive insider threat is looming, BlackBerry vulnerabilities, and updates on previous CIW stories.
Posted on Aug 22 / 2021
Cyber Intelligence Weekly (Aug 15, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: data breach at T-Mobile, Apple's privacy nightmare, and Microsoft needs to patch patching.
Posted on Aug 16 / 2021
Cyber Intelligence Weekly (Aug 8, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: Federal agencies failing at cyber, Apple scans your iCloud photos, and a disgruntled ransomware worker acts out.
Posted on Aug 08 / 2021
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
More people fell victim to phishing than any other form of internet crime in 2020, and this trend is likely to continue. But phishing is not just prevalent - it is evolving. Here are three mitigation strategies for modern phishing techniques, from the perspective of a hacker.
Posted on Aug 04 / 2021
CMMC Compliance 101: Answers to Common Questions
Have you Googled CMMC compliance lately? We want to help clear the air. Avoid the marketing jargon and confusing content with these answers to common questions.
Posted on Aug 02 / 2021
Cyber Intelligence Weekly (Aug 1, 2021): Our Take on Three Things You Need to Know
This weekly post shares our intel around some of the major developments on the future of cybersecurity. This week: President Biden's memorandum on Critical Infrastructure Cybersecurity, an FBI official advises against banning ransomware payments, and the search engine for hackable websites returns.
Posted on Aug 01 / 2021
Flexible & Secure Remote Penetration Testing in a Changing World
Over the past year and a half, the worldwide workforce underwent a drastic and rapid paradigm shift that has brought with it new opportunities, attack vectors, and methods to test security. When testing security with penetration testing, partner with a firm using the most modern, advanced tactics to test your readiness for tomorrow’s attackers.
Posted on Jul 29 / 2021
Search
Sections
Cyber Intelligence Weekly
Offensive Security: How to Level Up
Hacker's Perspective: Tips for Defenders
Compliance
Beyond the Baseline: A New Approach to IT Audits
CISO's Corner
Cyber Career Tips
Financial Services
Higher Education
Healthcare
Technology & SaaS
Manufacturing