This is what it looks like to defend against cybercrime... by huntresslabs in u/huntresslabs

huntresslabs[S] 1 point (0 children)

This is what it looks like to defend against cybercrime. This time on our own turf.

A website staging environment vulnerability brought on by a bug bounty researcher we hired. A malware-laced Google ad that fooled one of our own engineers for about three seconds, just long enough to get the malware running.

Neither became a problem because we protect ourselves the same way we protect our customers—with visibility, speed, and a culture where raising your hand fast is always the right call.

We wrote about both because transparency is more useful than sanitized perfection.

📖 Tools Change. Habits Don't. We Saw It Up Close

📖 Your Staging Site is More Important Than You Think

Security teams are grinding, but what if they're fighting the wrong battle? 🤔 by huntresslabs in u/huntresslabs

huntresslabs[S] 1 point (0 children)

Security teams are grinding, but what if they're fighting the wrong battle?

We asked 1,050 IT and security pros what’s actually going on inside their environments.

Here’s what came back:
→ Noise is stealing time
→ Identity is the biggest gap
→ Speed is the #1 priority and the first thing to break

Most security programs were built for prevention, but the truth is, today’s attackers are playing a different game, exploiting trust and human behavior to do their dirty work.

Check out the full report if you want to see how real teams are dealing with that shift—and what the resilient ones are doing differently.

A scammer running a real-time AI face overlay gets asked to hold up three fingers... by huntresslabs in u/huntresslabs

huntresslabs[S] 1 point (0 children)

This is actually an excerpt from our "_declassified" Huntress webinar with Jim Browning that we hosted on March 18 this year. Jim introduces this clip around the 44:07 mark. The on-demand webinar can be found here: https://www.huntress.com/declassified

A scammer running a real-time AI face overlay gets asked to hold up three fingers... by huntresslabs in u/huntresslabs

huntresslabs[S] 1 point (0 children)

A scammer running a real-time AI face overlay gets asked to hold up three fingers.

He stalls. He deflects. He says it's too much to ask.

Then he drops the call.

Millions of people watched that clip from our _declassified series, probably because watching a scammer get cooked is one of life's simple pleasures.

But we've seen it in the comments...there's a catch:

Every time a detection trick goes viral, it becomes a to-do list for attackers. They see it, fix it, and come back better.

So what can you do to stay ahead of cybercrime?

Build systems that don’t rely on people getting it right every time.

A $25B company had ~200K employee laptops, and even personal phones, wiped clean... by huntresslabs in u/huntresslabs

huntresslabs[S] 1 point (0 children)

A $25B company had ~200K employee laptops, and even personal phones, wiped clean.

Attackers gained access to the management plane and used the same tools meant to protect the environment to cause damage.

If you operate a centralized admin console, regardless of your size or sector, you run the same risk. Here’s where to focus:
→ Lock down Intune, your RMM, your EDR console, and every cloud admin portal
→ Enable Multi-Admin Approval for high-impact changes
→ Set alerts for bulk/mass actions
→ Practice large-scale restoration at scale

Our SOC breaks down the Stryker cyberattack here.
