Tag Archive for: Lighthouse

Going into the Darknet: How Cynet Lighthouse Services Keep Cybersecurity Teams One Step Ahead of Hackers


By monitoring the darknet, as well as underground forums, Cynet is able to identify and prepare for the latest cybersecurity threats before they reach deafening levels.

By Eyal Gruner, Co-Founder and CEO of Cynet

Data breaches are far from new, but the scale of attacks and sophistication of the attackers has reached all new levels in recent years. Since the pandemic, with the rise in remote work environments and work from home setups, compromised credentials became the most common initial access vector for data breaches in 2022 according to IBM – leading to rampant cybersecurity attacks. Because of the anonymity it offers, the darknet is fertile ground for bad actors looking to buy, sell, and trade large datasets of credential that can be used to access compromised accounts and systems left unchecked.

The alarming rise in compromised credentials led Cynet to launch its Lighthouse Service which monitors underground forums, private groups, and malicious servers for evidence of compromised credentials within the environment – taking its MDR team (CyOps) into the darknet and underground forums to search for potential cybersecurity threats before they become full-on attacks. Unlike traditional darknet monitoring services, Cynet focuses primarily on credential theft monitoring because of the swift rise in leaked credentials.

A Primer on the Darknet and Underground Forums  

Unlike the internet we all use to work, shop, and connect online, users must download a special Tor browser or browser add-ons to navigate the darknet. Because there is no link between a user and the user’s IP, the darknet requires specific access (software, configurations, authorization) – thus making it a prime location for illegal activity. Industry analysts estimate that the darknet accounts for 4% to 6% of internet content, with as many as three million users per day.

But the darknet is not the only gathering spot for cybercriminals. The internet we use on a daily basis (Clearnet) also houses underground forums that fuel and empower threat actors. The now seized “RaidForums” and its predecessor, “Breached,” are two popular sites that can be accessed via common web browsers. While the two are…

Source…

Cybersecurity Defense: Recommendations for Companies Impacted by the Biden Administration Executive Order | Lighthouse


Thus, while on its face, many of the new requirements within the Order are aimed at federal agencies and government subcontractors, the ultimate goal appears to be to create a more unified national cybersecurity defense across all sectors. In this installment of our blog series, I will outline recommended steps for private sector organizations to prepare for compliance with the Order, as well as general best-practice tips for adopting a more preemptive approach to cybersecurity.

1. Conduct a Third-Party Assessment

First and foremost, organizations must understand their current cybersecurity posture. Given the severity and volume of recent cyberattacks, third-party in-depth or red-team assessments should be done that would include not only the organization’s IT assets, but also include solutions providers, vendors, and suppliers. Red teaming is the process of providing a fact-driven adversary perspective as an input to solving or addressing a problem. In the cybersecurity space, it has become a best practice wherein the cyber resilience of an organization is challenged by an adversary or a threat actor’s perspective.[1] Red-team testing is very useful to test organizational policies, procedures, and reactions against defined, intended standards.

A third-party assessment must include a comprehensive remote network scan and a comprehensive internal scan with internal access provided or gained with the intent to detect and expose potential vulnerabilities, exploits, and attack vectors for red-team testing. Internal comprehensive discovery includes scanning and running tools with the intent to detect deeper levels of vulnerabilities and areas of compromise. Physical intrusion tests during red-team testing should be conducted on the facility, networks, and systems to test readiness, defined policies, and procedures.

The assessment will evaluate the ability to preserve the confidentiality, integrity, and availability of the information maintained and used by the organization and will test the use of security controls and procedures used to secure sensitive data.

2. Integrate Solution Providers and IT Service Companies into Plans to Address Above Executive Order Steps

To…

Source…

Security camera maker Lighthouse shuts down, will refund camera purchases – Android Police

Security camera maker Lighthouse shuts down, will refund camera purchases  Android Police

Home security cameras are a booming business, but it’s far from a sure thing. Camera maker Lighthouse has just announced that it’s shutting down, so any… by …

“android security news” – read more

Lighthouse is a smart security camera, can recognize visitors and even interact – Gadgets Post


Gadgets Post

Lighthouse is a smart security camera, can recognize visitors and even interact
Gadgets Post
With the Lighthouse security camera, users will now be able to know who actually is present in the vicinity of the camera, thanks to the device's own ID-proofing techniques. The project, originally created by Andy Rubin, Android's co-founder, can tell

and more »

android security – read more