Digital Shadows helps a security manager of a large technology company find that 5,000 employee pay stubs were publicly available online.
Digital Shadows finds 1.5 billion business and consumer files exposed online – just one month prior to GDPR...
Detect sensitive data that's been exposed by employees, contractors, or third parties.
Currently 2.3 billion files are being made publicly available by misconfigured and non-secured technologies used to store this data such as Amazon S3 buckets, Server Message Block (SMB), File Transfer
See how one large bank detected more than 50,000 exposed credentials in 1 year.
Modern Development Practices Leads to Increased Exposure. As customers, we can be a bit demanding when it comes to technology ...
The first half of 2019 has revealed no ebb in the number of massive data breaches and cybersecurity disasters. As the threat landscape continues to evolve and unfortunate enterprises have become the v
In this blog series, we’ll share some tales from the front lines – keeping client names anonymous, of course. We’ll investigate some of SearchLight’s most impactful findings, and more importantly, she
There are now 750 million more files exposed than we reported last year; not all of them are blatantly sensitive, but there is plenty of gold in these mountains.
Seriously, don’t click back or close – I promise it’s not another one of those “buy all the newest stuff ...
SearchLight identifies exposed technical information by alerting organizations to unauthorized commits to public code repositories, exposed access keys, and other types of exposed technical...
Last week, we learned that millions of Ecuadorians' personal details had been exposed by a misconfigured Elasticsearch database. This is ...
Asset inventories are one of the most important things to get right. Done correctly, they give you the best insight into your potential attack surface and identify where to focus your efforts.
We detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
In this blog, we determine whether this targeted attack on BriansClub will impact the wider cybercriminal credit carding landscape, and speculate whether it could galvanize the community to push anoth
Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of ...
One of the most interesting aspects of transitioning from high school history teacher to cyber threat intelligence professional is the ...
What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digit
We decided to map this intrusion to the MITRE ATT&CK framework, as we have done previously for:
When the attacker, Andrei Tyurin, pleaded guilty, we thought we could look at the attacker's goals and TTPs and map them to the MITRE PRE-ATT&CK and ATT&CK frameworks.
We will walk you through each stage of this exploited data cycle to illustrate the economy of exposed credentials, and then present ways you can protect and mitigate the threats targeting your organiz
Attack methods repeat themselves, and so does how cybercriminals use breached data, such as PII, stolen account details and even compromised admin credentials. Once data is compromised, it can circula