Top 10 API Risks in Application Security

Application Programming Interfaces (APIs) are a type of software interface that allows services to communicate with one another to leverage each other’s data and functionality without needing to see everything that is on the other end. They enable applications to talk to one another, such as when you use your Facebook account to login to…

Read More

Technical Details for C2 Tool “Dark Utilities” Leveraged in Malware Campaigns

Context On August 4, 2022, Cisco Talos Intelligence researchers reported new technical details of a tool called “Dark Utilities” that provides a full suite of command-and-control (C2) capabilities for threat actors. The tool, which was released in early 2022, is advertised by creators as enabling remote access, command execution, distributed denial-of-service (DDoS) attacks, and cryptomining…

Read More

What’s Driving Security and Fraud Teams to Collaborate on Trust Platforms

One of the unfortunate truths for trust and fraud teams is that they spend more time fighting within their organization to get access to the data they need than they do fighting bad actors. These teams often build collaborative relationships with cybersecurity teams to address issues like credential stuffing and bots, but a new generation…

Read More

Newly Reported AiTM Campaign Likely Related to Recent Trends

Context On August 3, 2022, ZScaler researchers reported the technical details of an adversary in the middle (AiTM) campaign active since at least June 2022. The RH-ISAC team believes, based on timing and nearly identical tactics, techniques, and procedures (TTPs), that this campaign is likely connected to highly similar activity previously reported by Microsoft. Key…

Read More

Using the NIST Cybersecurity Framework in Your Vulnerability Management Process

The NIST Cybersecurity Framework was first drafted by the National Institute of Standards and Technology in 2014, with the latest version, version 1.1, following in 2018. It provides a set of guidelines for organizations looking to improve their overall security posture, particularly when it comes to risk management. The core tenets of the Framework can…

Read More