Prescient Security

Catch Alexander Thines and Bradley Ammerman at #GrrCON 2024 for their final talk of the year, "Using Drones and Arm Devices to Augment Red Team Engagements," and gain insights into the future of integrated security solutions guided by the pair's two groundbreaking devices under the name "The Raccoon Squad," which blend digital prowess with tangible, real-world security applications. 💫 GrrCon 2024 will take place on September 26th & 27th, in Grand Rapids, Michigan. Learn more here: https://hubs.la/Q02J15fy0

Join Kobalt.io, Prescient Security, and Vanta for a relaxed afternoon of lunch and networking at the Blender Workspace, and gain insights firsthand from Sammy Chowdhury, Co-Founder and Chief Compliance Officer of Prescient Security, representative from Vanta, and Michael Argast, Co-founder and CEO of Kobalt.io. Register now https://lnkd.in/dMtSJMCz

In the aftermath of what has been considered the largest IT disruption in history, affecting critical infrastructure in the areas of healthcare, finance, and aviation, Prescient Security would like to extend its support to IT teams globally as they work to remediate and secure organizations affected by the CrowdStrike / Microsoft outage, as well as echo the notion to our clients and community to remain vigilant for new security threats. Attackers have used - and are already being observed to be using - disruptions like these and the public awareness they create for new attacks. These attacks could present themselves as: 🚩 Phishing emails, purporting to be from or affiliated with Crowdstrike 🚩 Suspicious domains, these are designed to deceive users and administrators, often posing as official support channels or offering fraudulent fixes for Crowdstrike-related issues. Security Boulevard has already reported over 16 live potentially malicious domains related to the CrowdStrike incident and are empowering Admins to block them. Link to list below. 🚩 Malware campaigns - Check for IOCs related to a new fake update that appears as crowdstrike, but contains a malicious ZIP archive. The ZIP contains an executable named 'Crowdstrike.exe.' 🚩 Fake Crowdstrike Recovery Manuals - On July, 22nd, 2024, CrowdStrike's Intelligence arm identified a Word document containing macros that download an unidentified stealer now tracked as DAOLPU. The document impersonates a Microsoft recovery manual. CrowdStrike states that initial analysis suggests the activity is criminal. 🚩 Others include impersonation attempts via phone calls, false claims of evidence linking the outage to cyberattacks, and offers of automated recovery scripts. As attack avenues continue to expand, it is especially crucial that organizations employ the "Trust Nothing, Verify Everything" Zero-Trust Approach to ensure comprehensive security risk posture. More information on Fake CrowdStrike Recovery Manual - https://hubs.la/Q02HKQr00 List of Suspicious Domains To Block - https://hubs.la/Q02HKV330 Reach out to one of our experts here with any questions and to figure out if a penetration test is right for your organization - https://hubs.la/Q02HKTQ30 #CyberSecurity #CrowdStrikeOutage #InfoSec #CISA #Safety #Phishing #Malware

☀️🗽 Join us in NYC on September 20th, 2024 from 12-2 PM EST to learn from Kobalt.io's CEO, Michael Argast, and our very own Co-Founder and Chief Compliance Officer, Sammy Chowdhury, as they dive into the impact of AI and the ISO 42001 standard, upcoming regulatory changes, and emerging cybersecurity threats. Details on location and where to register in link below. #AI #ISO #ISO42001 #NYC

Excited to share this review from one of our valued clients! 💫 A reflection of Prescient Security's dedication to simplifying the SOC 2 audit process, we're grateful for the opportunity to support our clients and look forward to more successful collaborations ahead! #ClientSuccess #SOC2Audit #PrescientPartnership

Similar to the growing compliance surface area (mentioned in our latest Compliance Trends Webinar), which was due to digital transformation, a distributed workforce, and connected, cross-functional inter-organizational partners, the Cloud Attack Surface Area is observing considerable growth as well. Infosecurity Magazine reported in June that nearly half (44%) of organizations have experienced a cloud data breach, with 14% reporting having had an incident in the past 12 months, according to Thales 2024 Cloud Security Study. Human error and misconfigurations represented 31% of breaches, with exploitation of known vulnerabilities representing 28% - a seven-point increase compared to the Thales report from the year prior (2023). 🤯 Highlighting the expanding attack surface for attackers, it was also reported that 66% of organizations use more than 25 SaaS applications, as well as that 47% of corporate data is held in the cloud, and these applications are comprised of sensitive information. Despite this, Infosec Magazine states that less than 10% of enterprises have encrypted 80% or more of their cloud data. This gets a lot trickier with the advent of AI and the further unveiling of security gaps. Stay ahead of cloud vulnerability management and learn from our experts which Penetration Test or Cloud Compliance Framework is right for you, or if an ISO/IEC 42001 Certification (AI Standard) should be in your future. Talk to an expert here: https://hubs.ly/Q02GGgdZ0 Article: https://hubs.ly/Q02GGp3W0 Latest Cybersecurity & Compliance Trends Webinar: https://hubs.ly/Q02GGdwq0

Missed our Cybersecurity and Compliance Trends Webinar? Access through the link below to learn from Prescient Security's Director of Security Services, Steve S. as he dives into the changing roles within compliance, changing surface area and regulatory environment, AI, and more. 🔆 Access here: https://hubs.la/Q02GzLSx0 #CybersecurityTrends #Compliance #ComplianceStrategy

In their 2024 Global Threat Report, CrowdStrike's Threat Landscape Overview determined that Cloud Concious Cases increased by 110% YoY, Cloud environment intrusions increased by 75% YoY, and 84% of adversary-attributed cloud-concious intrusions were focused on eCrime. Additionally, Identity-Based and Social Engineering Attacks were observed to have expanded from initial phishing techniques of stealing account credential to adversaries targeting API keys and secrets, session cookies and tokens, one-time passwords (OTPs) and Kerberos tickets throughout 2023. Ready for a Cloud Application Security Assessment (CASA) after those stats? 😵💫 Learn more from our team of experts about which Penetration Test is right for your organization: https://hubs.la/Q02FW1Sn0 #CASA #CloudSecurity #Cloud #CrowdStrike2024ThreatReport

A few more 📸 🏙️ #PrescientQBR2024 #Security #Compliance

Had an incredible time at our Quarterly Business Review Leadership Retreat in Chicago this week! 🔆🏙️ Very excited for what's to come. #PrescientQBR24 #Security #Compliance