Blog

It is about to be busy season for cyber security providers around the world. From non-stop conferences and awards to new vulnerabilities and cybersecurity awareness month. Let’s get started.

OnDefend Insights

It’s likely one of the most common questions our in-house red team gets asked, “how did you become an ethical hacker?” In today’s job market it seems as if entry-level cybersecurity jobs are non-existent, but how do you become a seasoned professional without the experience? OnDefend senior tradecraft engineer Ryan Tucker created a how-to guide on becoming a hacker, and his advice to others on growing their careers.

Becoming an Ethical Hacker > OnDefend

——

A recent report revealed less than a quarter of CISO’s are participating in business strategy and decision-making processes within their organization (I know what you’re already thinking, that doesn’t shock you at all.) Here’s what you might not have expected, the report showed cybersecurity budgets are increasing but there was a catch to receiving that budget. You can read the full report here.

Cybersecurity budgets are increasing, yet CISO’s are still not invited to the boardroom. > OnDefend

——

Breach & Attack Simulation or BAS technology is at peak interest according to Gartner’s 2023 security operations hype cycle. BAS technology provides automated and consistent assessment of an enterprise’s threat vectors. Frequent automated BAS assessments also enable organizations to detect gaps in their security posture due to configuration errors or reevaluate priorities of upcoming security investments.

What makes OnDefend‘s BAS tool BlindSPOT stand out from the competition?

⭐️ Can be offered as a one-time attack simulation or a fully managed service
⭐️ Competitively priced compared to other BAS products
⭐️ Allows for customized payloads, C2 integrations, and stakeholder reporting

Visualize the power of removing these “blind spots” here.

Visualizing the Power of BlindSPOT > OnDefend

Cybersecurity Roundup: Top Stories from the Digital Frontlines

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer’s corporate account.

Hackers stole Microsoft signing key from Windows crash dump (bleepingcomputer.com)

—

CISA confirms the addition of Peiter ‘Mudge’ Zatko to its roster of prominent voices preaching the gospel of security-by-design and secure-by-default development principles. According to CISA director Jen Easterly Mduge was brought on to “shape a culture of security by design that is foundational to every security team, every C-suite, and every board room in the country.”

CISA Hires ‘Mudge’ to Work on Security-by-Design Principles – SecurityWeek

—

Leading cybersecurity agencies from the UK, US, Australia, Canada, and New Zealand have discovered that the Sandworm cyber actor used a new mobile malware, “Infamous Chisel,” to target Android devices used by the Ukrainian military. They have previously connected Sandworm to Russia’s GRU Main Centre for Special Technologies (GTsST), indicating state-sponsored involvement in these cyberattacks.

Infamous Chisel Malware Analysis Report | CISA

—

The patch didn’t work. The FBI warns that Barracuda Email Gateways continue to be vulnerable despite attempts at a recent solution to the zero-day bug. According to the FBI, the fixes are considered “ineffective” and that it “continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit.”

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches (thehackernews.com)

OnDefend in the News 

“Hard work, consistency, curiosity, a positive attitude, and a desire to grow. All qualities that are needed to ensure an organizations growth.” OnDefend Co-Founder/CTO Ben Finke reflects on his leadership after being named one of the 2023 tech leaders of the year. If you’ve ever met Ben, you recognize his leadership combined with his technological savvy is unmatched. Check out his full interview.

2023 Tech Leaders: Ben Finke of OnDefend > OnDefend

BlindSPOT

We have some very exciting news on the BlindSPOT front that we will be announcing next month, from simulation library updates to a new security tools catalog. In fact, there is such a steady flow of updates, we figured the BlindSPOT section should have a page of its own. Consider this your foreshadowing to the big announcement next month. – Ben, OnDefend CTO

Anybody else feel like we just scratched the surface? That’s because we did. Stay tuned for this bi-monthly newsletter, for all of OnDefend’s latest and greatest.

If you want to stay in the loop about what’s happening at OnDefend, including our upcoming webinars, the latest cybersecurity trends, and product updates, then follow us on Facebook, Twitter, and LinkedIn @ondefend.