
CATEGORY ARCHIVES: security-automation


Small-medium businesses are in the bullseye for cyber attacks, with businesses being attacked and compromised on an hourly basis, yet many SMBs don’t seem to be worried at all. 63% of small-medium businesses experienced a data breach in 2019, as reported in a study by Keeper Security and the Ponemon Institute. Yet the same study found that 60% of SMB owners think their businesses aren’t a likely target for a cyber attack. These numbers don’t add up, and these business owners’ laid-back attitude just doesn’t make sense: SMB recovery from a cyber attack is estimated to cost around $200,000, and can easily reach millions depending on the extent of the damage (and, in the case of ransomware, on how big the ransom is). In fact, a study by BullGuard found that over forty percent of SMBs do not have any cybersecurity defense plan whatsoever.


Using Threat Intelligence for Proactive Threat Protection

With the ransomware and cyber-attack chaos of these days, we find ourselves focusing on the rapid appearance of new and upcoming threats. Every day brings new threats, new attack headlines, and new worries. But it’s important to keep in mind that with so many new attacks come so many researchers and organizations whose goal is to collect and update as much information as possible about these new threats. Security service providers, researchers, and security communities collect and publish a plethora of updated, actionable threat intelligence at every given moment. The big question is how to make all that extremely useful (yet extremely scattered) intelligence actionable, and how to automatically integrate it into your security solutions and devices.


Hostile Domestic Surveillance & Security Automation: A Case Study



Last week, I had the pleasure of speaking at Virus Bulletin on the recent news of iPhone (first reported on by Google Project Zero) and Android (first reported on by Volexity) mobile malware being used to target Tibetans (as reported by Citizen Lab) and Uighur Muslims inside and outside the People’s Republic of China. Lots of great research is linked above and you should definitely read it.

Whenever events like these occur, researchers from many organizations are researching pieces of it. If you are interested in Chinese APT attacks against these groups, certainly take a look.

One of the most interesting things to me when looking into these attacks is the sophistication and persistence of the adversary. As vulnerabilities got patched, they reused what pieces they could from their attacks and discovered new vulnerabilities to maintain their ability to act on the surveillance objectives. Some of the tools used indicate relationships to other Chinese APT groups, and certainly these types of attacks could be used against truly foreign adversaries as well.
