Google's Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish Gmail users over just a three-month period earlier this year.
TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog post, you can see that most were located in the US, South Korea, Pakistan and Vietnam.
“Over 90% of these users were targeted via ‘credential phishing emails’... attempts to obtain the target’s password or other account credentials to hijack their account,” he added.
“We encourage high-risk users — like journalists, human rights activists, and political campaigns — to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts.”
Google's TAG tracks over 270 targeted and government-backed threat groups across more than 50 countries, looking for activity such as intelligence collection, intellectual property theft, targeting of dissidents and activists, destructive cyber-attacks, and coordinated disinformation campaigns.
He also detailed efforts to detect and remove coordinated influence operations by Russian state hackers in Africa using “inauthentic news outlets to disseminate messages promoting Russian interests in Africa.” A total of 15 YouTube channels were removed as a result.
Best of Command & Control
4 (Red Teaming)
•Command & Control: Ares
•Command & Control: WebDav C2
•Command & Control: WebSocket C2
•Command and Control with DropboxC2
•dnscat2: Command and Control over the DNS
•Command & Control: Silenttrinity Post-Exploitation Agent
•Command & Control Tool: Pupy
•Command and Control Guide to Merlin
•Command and Control with HTTP Shell using JSRat
•Koadic – COM Command & Control Framework
•TrevorC2 – Command and Control
https://lnkd.in/fCua_6e
What's the difference between bagging and boosting?
Bagging and boosting are both ensemble methods, meaning they combine many weak predictors to create a strong predictor.
One key difference is that bagging builds independent models in parallel and "averages" their results in the end, whereas boosting builds models sequentially, at each step emphasizing reducing error that remains in the model by better fitting to the observations that were missed in previous steps.
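As an added illustration, not part of the original answer, the following from-scratch Python sketch shows both procedures side by side on a constructed 1-D dataset (points 0..9, positive class on the interval 3..6, chosen because no single threshold can separate it). The dataset, the threshold grid, and every function name here are assumptions of this example rather than anything the post defines; the base learner is a decision stump, bagging trains stumps independently on bootstrap samples and majority-votes them, and boosting is AdaBoost, which re-weights the points the previous stump missed before fitting the next one.

```python
import math
import random

# Constructed toy dataset (assumption of this example, not from the post):
# 1-D points whose positive class is the interval [3, 6]. A single threshold
# (decision stump) cannot separate this, so an ensemble of stumps is needed.
X = list(range(10))
Y = [1 if 3 <= x <= 6 else -1 for x in X]

# Candidate thresholds sit halfway between integer points, including one below
# the smallest and one above the largest x (those give constant stumps).
THRESHOLDS = [i + 0.5 for i in range(-1, 10)]


def stump_predict(stump, x):
    """A stump is (threshold, polarity): predict polarity if x > threshold, else -polarity."""
    t, pol = stump
    return pol if x > t else -pol


def fit_stump(xs, ys, weights):
    """Return the stump with the smallest weighted error (first minimum on ties) and that error."""
    best, best_err = None, float("inf")
    for t in THRESHOLDS:
        for pol in (1, -1):
            err = sum(w for x, y, w in zip(xs, ys, weights)
                      if stump_predict((t, pol), x) != y)
            if err < best_err:
                best, best_err = (t, pol), err
    return best, best_err


def error_rate(predict, xs, ys):
    return sum(1 for x, y in zip(xs, ys) if predict(x) != y) / len(xs)


# ---- Bagging: independent models (parallelisable), equal-weight majority vote ----
def fit_bagging(xs, ys, n_models, seed=0):
    rng = random.Random(seed)
    n = len(xs)
    models = []
    for _ in range(n_models):
        # bootstrap sample: n draws with replacement, every point weighted equally
        idx = [rng.randrange(n) for _ in range(n)]
        bx = [xs[i] for i in idx]
        by = [ys[i] for i in idx]
        stump, _ = fit_stump(bx, by, [1.0 / n] * n)
        models.append(stump)  # this model never sees the other models
    return models


def bagging_predict(models, x):
    vote = sum(stump_predict(m, x) for m in models)
    return 1 if vote >= 0 else -1


# ---- Boosting (AdaBoost): sequential, each round re-weights the missed points ----
def fit_adaboost(xs, ys, n_rounds):
    n = len(xs)
    weights = [1.0 / n] * n
    ensemble = []  # list of (alpha, stump); alpha is the stump's vote weight
    for _ in range(n_rounds):
        stump, err = fit_stump(xs, ys, weights)
        err = min(max(err, 1e-10), 1 - 1e-10)  # keep the log/division finite
        if err >= 0.5:
            break  # no better than chance on the current weighting
        alpha = 0.5 * math.log((1 - err) / err)
        ensemble.append((alpha, stump))
        # raise the weight of points this stump got wrong, lower the rest, renormalise
        weights = [w * math.exp(-alpha * y * stump_predict(stump, x))
                   for x, y, w in zip(xs, ys, weights)]
        total = sum(weights)
        weights = [w / total for w in weights]
    return ensemble


def adaboost_predict(ensemble, x):
    score = sum(alpha * stump_predict(stump, x) for alpha, stump in ensemble)
    return 1 if score >= 0 else -1


def single_stump_error():
    stump, _ = fit_stump(X, Y, [1.0 / len(X)] * len(X))
    return error_rate(lambda x: stump_predict(stump, x), X, Y)


def bagging_error(n_models=25, seed=0):
    models = fit_bagging(X, Y, n_models, seed)
    return error_rate(lambda x: bagging_predict(models, x), X, Y)


def adaboost_error(n_rounds=3):
    ens = fit_adaboost(X, Y, n_rounds)
    return error_rate(lambda x: adaboost_predict(ens, x), X, Y)


if __name__ == "__main__":
    print("best single stump   :", single_stump_error())
    print("bagging, 25 stumps  :", bagging_error())
    print("adaboost, 3 rounds  :", adaboost_error())
```

The bagging loop has no data dependency between iterations, which is why it can run in parallel and why its only lever is averaging away variance; on this deliberately under-powered base learner it cannot be expected to fix the stump's bias. AdaBoost's weight update is the sequential dependency the answer describes: the best single stump gets 3 of 10 points wrong, and after three rounds the weighted vote of three stumps (two thresholds plus a constant) classifies every training point correctly.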
What are CISOs most pressing cybersecurity challenges?
Data security, privacy, IAM and SOAR👌🏽
SIEM is "Suckers Investment for Event Management" 😋
Just imagine: instead of buying a SIEM, you spend that money on internal training and certification for developers and admins, and on a strong internal security culture. Couple that with an external provider that offers a scanner that acts as your "red team on autopilot" or a web vulnerability scanner (some services even monitor for GDPR compliance, not just defacements or webshells). With the money still left over from what the SIEM would have cost (oh, don't worry, there is plenty left over), you hire a reputable external pentest firm and really engage with them. Put that in your budget for recurring years and you've got actual security. Instead of a SIEM, the babysitting of which isn't an actual "skill" people can put on their CV.
Do you agree!?