Silent Breach Blog

Cybersecurity Trends

Top 10 Challenges Facing CISOs in 2022

While 2021 presented some of the greatest security challenges in decades, it has also prompted government and industry leaders to prioritize cybersecurity.

2021 Cybersecurity Roundup: Year in Review

In many ways, 2021 was the year that global supply chains were pushed to their limits, both physically and digitally.

...

Update: Managing the Log4j Vulnerability

To help companies detect and mitigate the Log4j vulnerability, Silent Breach is offering a free advisory service. Contact us to learn more.

Securing the Cyber Supply Chain

While the global supply chain has only recently fallen into crisis, the digital supply chain has been under stress for years.

Why Hackers Love the Holidays

As we move into this year's holiday season, cybersecurity remains a top concern for companies around the world. Here's why.
...

Cybersecurity Industry Scores Major Wins

The cybersecurity sector was met with a number of important victories, wrapping up what could be its best week in recent months.

...

Cyber Due Diligence: In Four Parts

As the newest addition to the due diligence process, cyber audits come in all shapes and sizes. Here are the main 4 components, along with accompanying case studies.

...

Securing Communication Channels in the Enterprise Environment

Back when WhatsApp released their new data-sharing policies, public outrage over privacy concerns caused users to flock to rivals like Signal and Telegram nearly overnight.

The Rise of the Virtual CISO

As daily reports of data breaches continue to fill the headlines, companies are scrambling to bolster their cybersecurity postures.

The US Government Failed Their Cybersecurity Audit. Now What?

From NASA to the State Department, federal agencies are relying on outdated systems, ignoring mandatory security patches and failing to protect classified data.

Top Four Cloud Security Tips for 2021

Today, over 95% of businesses utilize cloud computing. At the same time, companies often lack proper security protocols to manage this rapidly developing digital landscape.

Everything we know about the Kaseya ransomware attack

In what is considered to be the largest ransomware attack in history, a group of hackers have compromised at least 1000 companies in a stunning Fourth of July attack.

...

Attack Surface Management is Here to Stay

With new buzzwords being generated on a seemingly constant basis, it can be difficult to distinguish between passing fads and emerging trends.

...

Are the JBS and Colonial attacks just the beginning?

While the recent attacks on the JBS plants and the Colonial Pipeline are far from unique, the tangible nature of the damage hits close to home.

Top Four Benefits of Attack Surface Management

As Attack Surface Management (ASM) begins to gain traction, here are the top four reasons why it may be the right fit for your organization.
...

SmileDirect Becomes Latest Victim in String of Cyberattacks

SmileDirectClub, a celebrated tele-dentistry company, just lost over 15% of their market value in under 15 minutes. The cause? A cyber security breach from two weeks ago.

Introduction to Vishing

When you receive a call on your phone from an unknown number, it's nearly impossible to guess who's calling. Increasingly, it could be someone vishing you.

Inside Biden's Plan to Protect the Power Grid from Hackers

The Biden Administration has announced plans to launch a '100-day sprint' to shore up the US power grid against cyber-attacks.
...

UN Passes Critical Cybersecurity Resolution

In the wake of the SolarWinds and Microsoft attacks, the UN has released a landmark cybersecurity report that's been two years in the making. Here's what you need to know.

How To Tell If The Microsoft Hack Affects You

Since January '21, hackers have been exploiting multiple vulnerabilities in Microsoft Exchange Server to infiltrate a broad range of systems. Here's what you need to know.

What is Attack Surface Management?

Unfortunately, organizations across nearly every sector are still struggling to secure their public-facing applications.

How Hackers Briefly Poisoned Florida Water Supply

On Friday, February 5, a hacker breached the water plant serving Oldsmar, Florida and instructed it to increase the amount of lye in the water to extremely dangerous levels.

WhatsApp Alternatives: Signal vs Telegram

Beyond media sensationalism and corporate marketing, what are the actual differences between Signal, Telegram, and WhatsApp? Here's our app-by-app breakdown and ranking.
...

US Companies Struggle To Notice When They've Been Hacked

197. That's how many days it takes an average company to detect a security breach. Hackers have over 6 months before their victim is even aware that they've been hacked.
...

Top Five Challenges Facing CISOs in 2021

It's fair to say that 2020 held some unique challenges, but 2021 will have its own hurdles. These are the top five challenges facing CISOs as we move into the new year.

How To Tell If The SolarWinds Hack Affects You

A highly sophisticated actor has taken advantage of SolarWinds security flaws to infiltrate governments and businesses around the world. Here's what you need to know.

A Non-Partisan Cybersecurity Analysis of Election Irregularities

Chris Krebs, the former Director of CISA, was fired on November 17th after repeatedly affirming that the 2020 election was the "most secure in American history."

Are the Russians Hacking the Tokyo Olympics?

Following repeated penalties for state-sponsored doping, Russia was finally banned from all Olympic sports for 4 years. Have they retaliated by hacking the games themselves?

Why the US Space Force is Hiring Hundreds of Hackers

As NASA struggles to fend off a fresh wave of cyber-attacks, the US Space Force is quickly ramping up its cybersecurity capabilities to counter foreign interference.

...

How Hackers Are Targeting NASA

During a recent Senate hearing, top NASA officials admitted that it is "incredibly difficult to keep NASA's defenses up." Here's why.

...

Inside the Million Dollar Plot to Hack Tesla

Tesla had a rough week, but it could have been a whole lot worse. According to FBI reports, Russian actors spent the summer planning a cyber-attack against Tesla's systems.

Can the US election get hacked?

Several national security agencies have already confirmed foreign efforts to influence the US elections. Here are the top cybersecurity risks and their likelihood of success. ...

Summary of US Data Privacy Laws

With rapid evolution of the digital world, data privacy protection has become a global trend for organizations, individuals and governments.
...

Is TikTok a National Security Threat?

After years of threats, suspensions, and negotiations, India has finally gone and banned TikTok entirely. But are these fears overblown?

...

How to prepare for the inevitable global cyberattack

While globalization has created economic and political opportunities for many, it is also responsible for the rapid spread and destruction created by COVID-19.

Cybersecurity Matchup: Apple vs Android

As the greatest software rivalry of all time, emotions can run high. So we decided to create a non-partisan fact-based analysis of Android's and iOS's cybersecurity profile.

Social Media and Cybersecurity

The recent proliferation of social media platforms have provided hackers with a treasure trove of personal data on pretty much anyone in the world.

...

Cybersecurity Survival Guide for Remote Working

Being secure means being prepared, so in this article we've broken down the major risks and key tips related to your cybersecurity posture under remote working conditions.
...

Cybersecurity, Coronavirus, and the Joys of Giving Back

Today we sit down with our Founder & CEO, Marc Castejon, to discuss his own professional journey, the current state of cybersecurity, and everything in between.

...

The True Cost of a Cybersecurity Attack

Every CISO faces the unique challenge of justifying a budget whose ROI is predominantly measured by what never happened.

"That's Out of Scope," said no attacker ever

The most vulnerable sector to cybersecurity attacks isn't Wall Street, the military, or even Silicon Valley. It's our healthcare system.

How Hackers are Spreading the (Corona)virus

The WHO has labeled COVID-19 a global pandemic, setting off a wave of sweeping measures that have impacted not only our physical lives, but our digital lives as well.

What is Penetration Testing?

In a wave of large-scale cybersecurity breaches, many firms are looking for better strategies to manage cybersecurity risks. One highly effective exercise is the PenTest.

Top Five Challenges Facing CISOs in 2020

At long last, the World Economic Forum has finally come to recognize cybersecurity as the "second most concerning risk for doing business globally over the next 10 years," signaling a growing recognition within the business community of the importance of their CISOs and the challenges they face.

Airports are Terrible at Cybersecurity

Airports are (in)famous for their lengthy physical security checks, but how do they rank in terms of cybersecurity? A team of security researchers recently set out to find out once and for all by assessing the current state of cybersecurity at the world's 100 largest airports. Here's what they found:

To Pay or Not to Pay

It's no secret that 2019 was in many ways the Year of Data Breaches. While many cybercriminals steal data in order to mount further attacks or to sell it on the Dark Web, ransomware attackers are unique in that they make a simple offer: pay a ransom and everything will go back to normal.

Politely Paranoid: the current state of cybersecurity

The theme of FIC 2020 was Putting Humans at the Heart of Cybersecurity, so it's no surprise that social hacking remained a hot button topic throughout the three-day conference.

WEF: Major Risk of Cyberattack in 2020

The World Economic Forum just released their 2020 Global Risk Report, a compilation of research conducted by global risk consultants and financial analysts defining the major business risks facing the markets in both the short and long term.

Social Engineering is on the Rise

While encryption technologies, systems, and standards have become incredibly secure over the past decade, it has become increasingly clear that the the largest cybersecurity threat to nearly any organization is its people. ...

Where Amazon's Ring Went Wrong

You know that you've done something truly wrong when your cybersecurity scandal makes this year's mega-breaches (affecting everyone from Facebook to Equifax) seem quaint.

5 Cybersecurity Resolutions for 2020

As 2019 winds down, we've decided to dig through the Silent Breach archives and review the numerous challenges, lessons, and solutions that this year has presented. What we've come up with is a list of the top five cybersecurity resolutions to make 2020 a cyber-success!

...

A Brief History of Cryptography

90% of the world's data was generated in the last two years. To keep pace with this massive proliferation of data creation and transmission, cryptographers have been working overtime to engineer increasingly complex encryption techniques.

Top Four Security Myths

Myth 1: Everyone is accountable for cybersecurity.
We often hear things like "Everyone is accountable for security." This is false. While everyone is responsible for cyber security, only a select few are ultimately accountable.

Guide to Business Continuity Planning

What is a business continuity plan?

Although Business Continuity Plans should be specially tailored (in consultation with your cybersecurity partner) to your organization's needs and abilities, most IT BCPs should include the following 3 sections: ...

The Politics of Cybersecurity

The State of Mississippi completed its first governmentwide cybersecurity audit this month. The results were less than encouraging.

Cybersecurity and Healthcare

In the wave of large-scale cybersecurity breaches sweeping the country, there is one sector which is barely reported on, and yet represents possibly the most pressing technological threat to human life.

...

A Brief Guide to CCPA

The California Consumer Protection Act (CCPA) is designed to enhance data privacy rights and consumer protections for the citizens of California and comes into effect on January 1, 2020. Although it's been over 2 years since the bill has been ratified, many companies are still not sure if and how they will be affected.

Julian Assange Gets a Taste of His Own Medicine

Earlier this week, residents of Ecuador woke up to the news that much of their personal data, including banking details, employment information, and identification numbers, had been made publicly available by a small online consulting firm.

The Culture of Cybersecurity

Yet another 419 million Facebook accounts have been breached. Add this to the 100s of millions already compromised in the Cambridge Analytica, UpGuard, and 'View As' scandals, and the question becomes: can Facebook ever be secure?

The Latest in Cybersecurity Trends

Here's a fact: On average, it takes companies nearly half a year to identify a cyber security breach.
Here's another fact: Research shows that breaches that take over 30 days to contain cost an average of $1 million more than those contained within the first month.
...

The Myth of Cyber Security

Riddle: What do Marriott, Equifax, and Capital One all have in common?
Answer: They've each been the victim of a data breach compromising 100 million+ users each; all in the past 12 months.

DevOps is outdated. Here comes DevSecOps.

Over the last several years, DevOps has dramatically transformed the way in which software is designed, developed, and delivered.

...

You've Been Hacked. Now What?

Unfortunately, successful cyberattacks are growing far too common. A 2018 study found that nearly 70% of SMBs have experienced a cyberattack in the past year, yet an astounding 47% of respondents said they "have no understanding" of how to protect themselves ...

Cybersecurity in the Boardroom

It has become somewhat clich� to say that cybersecurity is no longer exclusively an IT job, but needs to be a company-wide effort. But the reality is that CISOs are both the newest C-level executives and the least understood. According to ...

Why More Firms than Ever are Moving to Managed Security Services

According to recent reports, Managed Security Service expenditures are set to double to nearly $50 billion by 2023.
...

Cybersecurity and the Fight for the Soul of Silicon Valley

In his now (in)famous speech, Tim Cook used the Stanford graduation ceremony last weekend to warn the young grads (and the world) about his concerns regarding the direction tech firms have been taking. While hailing the industry for its successes - from HP to the iPhone - Cook pulled no punches when discussing the chaos that they've created. Here are 3 takeaways from Cook's remarks:
...

Silicon Valley meets Wall Street

With seemingly daily reports of massive data breaches, cybersecurity remains one of the highest risks facing firms and their clients. But none of this is news. Instead, in this article I'll be taking a close-up look at some of the quantifiable effects that security breaches have had on asset market values. Here's a roundup of some of the more infamous cases in recent news:
...

Why its up to Incubators and Accelerators to Solve our Cybersecurity Woes

In 2016, a young sales intelligence firm, Apollo, emerged from Y Combinator against a backdrop of flashy PR and projected growth. Reveling in their nascent celebrity, Apollo went so far as to boast on their homepage that "no one ever drowned from revenue." But it was not revenue that they drowned in when, late last summer, Apollo's databases were hacked, releasing 212 million contact listings, con...

3 Lessons Learned from Accenture's Mistakes

By now we've all heard the news. Car rental behemoth, Hertz, is suing Accenture for $32 million for their failure to deliver "viable web and mobile applications". In fact, Hertz claims that the project needed to be "scrapped" entirely due to "serious security vulnerabilities and performance p...

Most Common Startup Cybersecurity Myths

If you've ever been in a meeting at a startup when the topic of cybersecurity came up, then you've probably seen the barely concealed eye-rolls, feigned attention, and predictable inaction. The reason for this is often simple: startups just don't see themselves as viable targets and are already under immense financial strain. Far more focused on "lean" development, marketing and financials, startu...

Top 5 Cyber Attack Trends for 2019

According to a recent World Economic Forum report, business executives in both North America and APAC consider cyber-attacks to be the number one risk of doing business, outranking terror attacks and asset bubbles. To prepare, here are our projected Top 5 Cyber-Attack Ve...

How to Choose a Cybersecurity Firm? Reading Between the Lines

With the cost of cybercrime set to top $5 trillion over the next five years, an incredible number of cybersecurity firms have been founded in the last few years. So, how do you sift through these countless listings and pick out the perf...

"We are only at the very beginning of our data security problems"

Bill Aulet is an entrepreneur, educator, speaker, and author of the best-selling Disciplined Entrepreneurship. Since 2009, he has served as the managing director of the Martin Trust Center for MIT Entrepreneurship as well as a senior lecturer at the MIT Sloan School of Management. ...

Silent Breach's mission to protect millions of devices

Marc Castejon is the CEO and Founder of Silent Breach, a cybersecurity startup that specializes in network security and digital asset protection. With over 20 years of experience in the US retail market, Marc and his team have recently developed a software product to help retailers proactively protect their businesses. (Image Credit: Marc Castejon, CEO and Founder of Silent Breach / Image Credit ...

8 cyber security resolutions for 2019

There is no doubt that 2018 has been a bad year for cyber security. With the massive Facebook breach resulting in the exposure of 50 million accounts, Quora's 100s of millions...

Silent Breach nominated top 10 cyber security solutions for 2018

Silent Breach is very honored to be part of the top 10 cyber security solutions for 2018 in the retail sector. The original article is available here: https://retail-security.retailciooutlook.com/vendors/top-retail-security-solution-providers-2018.html Solution described in this ar...

20 Best Security Solution Providers of 2018

Silent Breach is honored to be certified as "20 Best Security Solution Providers of 2018" by Industry Era Magazine The original article is available here: https://www.industry-era.com/vendor-2018-security-Continuous-Protection.php Solution described in this article: read more...

Nominated cyber security solution

Safeguarding the Retail Sector with Continuous Monitoring Systems

Retail CIO Outlook magazine has published a great article on Silent Breach Read the full article here....

Hardening your webapp security

The recent explosion of webapps has led to a dramatic rise in cyber attacks specifically targeting vulnerabilities in web applications. Three quarters of the web applications tested by Silent Breach presented high or critical vulnerabilities that could have led to a data breach, or even total compromise of the website: Fortunately, the ...

Cyber and Information Security Management for Kosovo Banking Association

Silent Breach training expert Hristiyan Lazarov representing the Luxembourg House of Training in Pristina, Kosovo gave a lecture on "Cyber and Information Security Management" to the Kosovo Banking Association. This 3 day training session gave the assosiation an overview of the most common cyber security tactics used in the finance industry today, as well as an insight into trends in the security ...

Cyber Security Continuous Monitoring for the Retail sector

Silent Breach releases its new solution for Continuous Monitoring & Breach Response for the Retail sector.

...

Silent Breach reaches AT&T Hall of Fame for Q2 2018

The Silent Breach cyber security research team has reached the top 25 AT&T bug hunters for Q2 2018:

AT&T Hall of Fame available here: https://bugbounty.att.com/hof.php, for more information on Silent Breach...

Silent Breach finds vulnerability on Intel website

Silent Breach uncovered a vulnerability on Intel's server, which has been addressed by their internal security team. This self XSS attack allowed hackers to gather information on a user that could be used in social engineering attacks. Here's a screenshot below:

...

Silent Breach opens office in Singapore

Silent Breach is expanding its footprint in Asia-Pacific by opening an office in the SUNTEC Tower one, downtown Singapore. Press release available here....

Silent Breach finds vulnerability on Apple iTunes servers

Apple Inc. just confirmed patching their servers for a cross scripting issue (XSS) reported by Silent Breach Inc. in July 2017. Following Apple's instructions, Silent Breach has wait...

GDPR Compliance checklist

The European Parliament adopted The General Data Protection Regulation GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU ...

8 cyber security resolutions for 2018

There is no doubt that 2017 has been a bad year for cyber security, with the Equifax breach, Wannacry ransomeware, Russian social media manipulation, etc... But to get you ready for 2018, here's our top 8 cyber-security recommendations to survive through this new year:

...

Emby MediaServer 3.2.5 - Stored XSS (0-day)

Another breach found by our research lab, on the emby MediaServer 3.2.5 (Stored XSS)

Exploit Title : Emby MediaServer 3.2.5 -...

Silent Breach finds vulnerability with Wikipedia.org

Silent Breach finds a vulnerability with the online Wikipedia web site and in its free open source MediaWiki platform:

This vulnerability allows an attacker to gather information on the target (Wikipedia.org) and more easily narrow down potential breaches in the modules used by this web site. This kind of vulnerability is commonly referred to as Information Exposure Through Sent Data ...

Our Blog

...

...