Smarter Cybersecurity Blog

**To our Customers – If you have not received a critical notification from us, then we have not detected any Bad Rabbit activity in your monitored computing environment.**
Likelihood (SOD Customers): LOW
It looks as though Bad Rabbit (an almost NotPetya clone) is another targeted attack against Russian and Ukrainian entities with broader, unintended infection vectors outside their […]

What’s the Story?
Yesterday, Equifax announced it suffered a massive data breach that may have resulted in the personal data of up to 143 million people being compromised by currently unidentified hackers. The compromised data reportedly includes full names, birth dates, social security numbers, addresses, and, in some cases, driver’s license numbers. It is currently […]

Attending DEF CON 25 is an annual rite of passage for many members of the Security On-Demand SOC. It presents a unique opportunity to hone network hunting and cybersecurity skills, learn about the latest and greatest threats and exploits being developed today, and network with other like-minded cybersecurity professionals.  Our SOC Team came back energized. Right […]

US-CERT released an alert providing technical details of the HIDDEN COBRA hacking group. HIDDEN COBRA (AKA Lazarus Group or Guardians of Peace) is allegedly tied to the North Korean government and has constructed a large botnet and intrusion infrastructure.

Leaks, After Leaks, After Leaks
Recently there has been a rash of leaks from inside the two major U.S. intelligence agencies, the CIA and the NSA. In the case of the CIA, WikiLeaks, via Vault7, released a slew of hacking tools that the CIA “lost control” of. Similarly, the group Shadowbrokers came into the possession […]

UPDATE: WCry Ransomware 20170515:1841
Summary
Security-on-Demand continues to heavily monitor for and alert on any WanaCrypt 2.0 (WCry) Ransomware activity. The WanaCrypt malware continues to garner heavy attention and be a concern for organizations across the world. While it continues to be a threat, much of the spread appears to have been contained as security […]

Threat Flash Alert: WCry Ransomware Worming Across Globe 20170512:2138
Summary
WanaCrypt 2.0 (WCry) Ransomware has been propagating across the globe, infecting over 45000 devices. The ransomware takes advantage of a Microsoft SMB vulnerability that is patched via bulletin MS17-010. Upon infection, computers receive a popup message informing the victim that their files have been encrypted […]

Behavioral Analytics is a term being tossed around the cybersecurity world in the last couple of years. So what are they? Well, traditionally, Behavioral Analytics are analytics that businesses use that focus on consumer trends, patterns, and activities.  Humans are typically creatures of habit and our use of the Internet is no different.  Through developing […]

Unfortunately, ransomware works. This has been known by information security practitioners (and cyber-criminals) for a while now, but the recent public announcements of ransomware payoffs have let the cat out of the bag.

Security is complex and ever-changing. It takes months and even years to gain understanding, experience and context. Certifications are an easy shorthand to collapse large bodies of knowledge and testing into simple acronyms that are understood by non-security practitioners.

Recent security news has been abuzz with stories about how easy it is to install credit card skimmers on PIN Pads. This is a particularly challenging area where physical security meets cybersecurity. In a video last week, we saw a man install a skimmer in 3 seconds. Now, imagine a busy store where the employees […]

The air was electric as hundreds of the most visionary CEOs in the information security industry descended upon the 12th Annual West Coast Information Security & Broader Technology Growth Conference (called “AGC” by those in the know). This two-day innovation soiree is a veritable who’s who in the industry. This is a high voltage meeting of […]

We work every day to manage risk and ensure the security of our organizations. We strive to create an environment where business can be transacted seamlessly, conveniently and securely. We are charged with enabling business to continue while accomplishing our ultimate responsibility of protecting the business.  The threats coming at us are complex, advanced and […]

Identity theft and credit card fraud have become hallmarks of the times. Consumers provide personal data to scores of entities from retailers to healthcare providers and even the government. But we expect these entities to do everything they can to keep our data safe. The I.R.S. data breach in early 2015 brings forward a new and […]

Users of LastPass, an online password manager, learned on Monday that the service had been hacked and their email addresses and password reminders were compromised. Almost every site has a TOU (terms of use) that specifies that passwords cannot be shared and recommends that users create a unique and strong password for every site. […]

We have long accepted that compliance does not equal security. While the US has several public and private laws and governances covering almost every industry from healthcare to your local eatery to protect both consumers and businesses, is it enough? Europe has long been known to have stronger standards in many areas. They have policies in […]

A recent report has found that banks are ranked 79% higher in customer trust than 7 other industries in terms of protection of their personal data (Accenture, 2015). While this is a positive note to banks, this does not in any way mean that all financial institutions are safe from cyber-attacks. What are organizations in […]

Everyone knows that anti-malware software is required, but it can present certain challenges. It gets in the way of installing other software and it is always asking you to make sure that your network is up to date. But what does it really do for your company? After all, you have it on every device […]

The Health Care industry has entered the information security spotlight. In February, Anthem, the second largest health care insurer in the country, notified customers of a breach of their computer systems that potentially affects more people than the Target breach in 2014 or the Home Depot breach of 2014. This follows on the heels of […]

It is generally accepted in the information security community that a good way to identify threats is to look for “anomalous behavior”. That’s all well and good, but we have recently discovered that seemingly normal behavior has led to successful security breaches and massive data loss for many companies out there. How do you know […]

Everyone is talking about the most recent “Sony Hack”. In fact, you’re probably tired of hearing about it. But, here are some key takeaways to talk to your clients about:
Growing Complexity
Hacks are getting more sophisticated and purpose-driven all the time. Our security approach needs to be equally purpose-driven and must include prevention, detection […]
