Suzanne Burdick

TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management...

Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of...

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three...

Recorded on Tuesday, March 15th, 2022 at 1pm Eastern On February 27, 2022, a cache of chat logs from the notorious ransomware group Conti was anonymously leaked to the public. The leak revealed previously unpublished information about the group’s internal...

Download a copy of the webinar slides Ransomware is a Different Beast Human-operated ransomware represents a unique challenge to backup infrastructures. Unlike other disaster scenarios, a ransomware attack specifically targets and attempts to destroy backup systems to increase the likelihood...

If your organization is involved in contracting with the US federal government, you’ve likely come across the requirement to have a System Security Plan (SSP) in place. For those looking to understand or implement an SSP, there are many resources...