The Need for Cyber Threat Intelligence: What Are we Concerned About? Part 2

Cyber threat intelligence (CTI) requirements guide not only what intel is collected, but also how it is analyzed and used for IR, the SOC analyst and the business, as well. Developing a good set of requirements helps the organization: Monitor the right threat actors Collect the most useful intel Prepare intelligence in the right format…

Read More

The Need for Cyber Threat Intelligence: What Are we Concerned About?

This is one of a series of posts addressing key threats to the retail sector in an attempt to identify which information assets and systems must be protected, and to examine the value of identifying adversaries and intelligence consumers. Today, the most serious data breaches and disruptions result from well-planned, complex attacks that target specific…

Read More

Targeting the Supply Chain

Threat actors are increasingly targeting supply chain organizations to get around ever more hardened corporate perimeters, modifying their products to achieve a range of potential effects, such as cyber espionage, organizational disruption or demonstrable financial impact. According to a recent report by the National Counterintelligence and Security Center (NCSC), software supply chain infiltration has already…

Read More

RH-ISAC Recaps Black Hat 2018

BlackHat USA is one of the world’s leading information security events, providing attendees with the very latest in research, development and trends. This year’s conference was no different and delivered its attendees with an extensive amount of valuable insight. The RH-ISAC Threat Intelligence Team had the pleasure of attending and has provided a brief summary…

Read More

Phishing-As-A-Service (PHASS) Platforms and Frameworks

PHISHING-AS-A-SERVICE (PHAAS) allows attackers to create individual phishing campaigns, schedule and process emails and a lot of other related procedures that are involved in phishing computer targets. While most currently available PhaaS platforms are designed to test the resilience of organizations and their ability to detect social engineering attempts against their employees and help craft…

Read More