Flashpoint

How does Air Canada prioritize real threats in a sea of potential vulnerabilities? We are pulling back the curtain on an incredible session from Flashpoint’s FUSE conference, where Kyle Howson, Senior Manager of Cyber Threat Hunting at Air Canada, shared how his team cut through the noise, streamlined patching, and focused on the threats that matter most. Kyle shares: 🔸 How Air Canada identifies the vulnerabilities that actually pose a threat. 🔸 The steps they’ve taken to reduce operational disruptions caused by unnecessary patching. 🔸 Why aligning their teams with a single source of truth has been a game-changer. 🎥 Watch the video on-demand now: flashpoint.io/resources/webi…

The global security landscape is undergoing a seismic shift, with the New Cold War ushering in an era of unprecedented complexity. From ransomware campaigns by North Korea's Lazarus Group to influence operations by China's state-backed entities, today’s threats blur the lines between cybercrime and geopolitical aggression. Understanding this convergence is no longer optional—it’s essential. 📖 Explore these challenges and strategies to prepare your organization: flashpoint.io/blog/the-new-c…

How are non-traditional players redefining the intelligence landscape? Next week, Flashpoint CEO Josh Lefkowitz will join Michael Southworth, CEO of Babel Street, and Michael DeBolt, Chief Intelligence Officer at Intel 471, for a can’t miss panel at Baird’s 7th Annual Defense & Government Conference. Moderated by Jennifer Ewbank, former Deputy for Digital Innovation at the CIA and founder of Andaman Strategic Advisors, this timely panel will dive into how technology and innovative strategies are driving transformation in the intelligence sector. 📍 Thursday, November 21 | 9:20am ET Whether you’re attending in person or virtually, this session promises to deliver forward-looking insights into the evolving world of intelligence and security. For more information, or to request an invitation, please contact Baird's Conference Events Team at IBEvents@rwbaird.com.

Last month, a wave of simultaneous explosions, reportedly triggered by modified pager devices, went off in Hezbollah-controlled regions of Lebanon and Syria. While these events have been attributed to a covert operation likely linked to Israel, their ramifications extend well beyond the immediate conflict. In his article for @NextgovFCW , Flashpoint’s Executive Director for Global Security, Andrew Borene, explores how the pager explosions signal a significant convergence of geopolitical, cyber, and physical security threats. He discusses how it raises urgent questions about how outdated technologies can be weaponized in new ways and highlights vulnerabilities in supply chains that have significant implications for both governments and private sector enterprises. 🔗 nextgov.com/ideas/2024/10/… #CyberSecurity #SupplyChainSecurity #ThreatIntelligence

Today, the U.S. Attorney's Office in California unsealed an indictment charging two Sudanese nationals for their roles in Anonymous Sudan’s Distributed Denial of Service (#DDoS) attacks on hospitals, government facilities, and critical infrastructure worldwide. The indictment reveals the group's involvement in over 35,000 DDoS attacks, impacting both national and global organizations. Flashpoint is proud to have contributed to this investigation as part of an alliance of government agencies and private sector partners, with a shared commitment to neutralize the tools used by Anonymous Sudan. This operation underscores the power of collaboration and community to safeguard critical infrastructure from malicious actors. Read more about this case here: justice.gov/usao-cdca/pr/t… #CyberSecurity #ThreatIntelligence

Global credit card fraud losses are projected to hit $43 billion by 2026, fueled by increasingly sophisticated fraud tactics such as skimming, phishing, and card-not-present attacks. As fraud threats evolve and digital transactions surge, the need for proactive, intelligence-driven fraud prevention has never been more urgent. That’s why we’ve just released our Complete Guide to Credit Card Fraud and Prevention, packed with expert intelligence and practical solutions for increased security. This guide provides detailed insights into the lifecycle of credit card fraud and how organizations can leverage threat intelligence to stay ahead. Download the guide now to: 🔸 Understand the latest fraud techniques and motivations 🔸 Leverage real-time data and threat intelligence to detect and prevent fraud 🔸 Strengthen your defenses against financial loss and protect your organization’s reputation 🔗 Download the guide: go.flashpoint.io/guide-to-credi… #ThreatIntelligence #FraudIntelligence #Flashpoint

The infostealer landscape is a crowded and constantly evolving market with countless strains, each with its own unique methods for compromising systems and exfiltrating data. This stolen data is a goldmine for threat actors, providing access to a treasure trove of sensitive information—such as every username, password, and credit card number stored on a victim’s browser. The low barrier to entry, price, and ease of use of infostealers mean that even unsophisticated threat actors can readily leverage them, significantly amplifying the risk they pose. Staying informed about emerging strains is crucial for security professionals in today’s threat landscape. In our latest blog we provide an in-depth analysis of PureLogs, a low-cost infostealer posing a serious and increasing threat: 🔸 PureLogs s 64-bit information-stealer malware written in C# that stands out due to its affordability and efficiency. 🔸 Despite its low price tag—starting at just $99 for a month—PureLogs uses multiple obfuscation layers to evade detection and is capable of stealing high-value data from browsers like Chrome. 🔸 This combination of low cost and high impact has made it a go-to tool for threat actors, with increasing popularity on underground forums. Learn more: flashpoint.io/blog/purelogs-…

In today’s fast-evolving digital threat landscape, our identities have become the new currency—powering everything from online shopping to global social connections. But this value is not lost on threat actors, who continue to find increasingly sophisticated methods to exploit them - targeting both our human vulnerabilities and technological weaknesses. As a result, identity intelligence has emerged as a critical tool to help businesses and governments safeguard our digital footprints, combat crime, and defend national security. In our latest blog post, learn how identity intelligence helps organizations detect and mitigate threats, combat cybercrime, and protect both employees and customers from account takeover and fraud. Plus, discover how Texas A&M is proactively defending against compromised credentials. flashpoint.io/blog/the-value…

In a coordinated move against Russian cyber espionage, U.S. law enforcement and Microsoft’s Digital Crimes Unit recently seized over 100 domains tied to Star Blizzard, a notorious hacking group linked to Russia’s Federal Security Service (FSB). This group, also known as Callisto, BlueCharlie, and several other aliases, has been targeting U.S. defense contractors, government employees, and military officials through advanced spear-phishing campaigns. By posing as trusted sources, they tricked their victims into revealing sensitive information and infiltrated key systems. While the takedowns of Star Blizzard’s associated domains has disrupted their immediate operations, authorities have emphasized the continuance of Russian cybersecurity threats. For a deeper dive into how this campaign was disrupted, what it reveals about today’s New Cold War, and the impact on your cybersecurity strategy, read more here: flashpoint.io/blog/fsb-star-… #cybersecurity #threatintelligence

As the world continues to see an increase of global conflicts, we need to do everything we can to decrease the chances of a Chinese invasion of Taiwan and take all steps necessary to avoid what would be a terribly costly war. On October 3, Dmitri Alperovitch, a leading national security expert who predicted Vladimir Putin's intention to launch a full-scale invasion of Ukraine months before it took place, will sit down with Flashpoint’s Christian Rencken for an exclusive Fireside chat to discuss: 🔸 Taiwan’s strategic role in global geopolitics 🔸 Grand strategies to prevent catastrophic conflict 🔸 Steps the U.S. and its allies must take to secure global stability Don’t miss this chance to hear from one of the leading experts in national security. Plus, attendees will be entered to win a free copy of Dmitri’s book, World on the Brink. Register now: flashpoint.io/events/world-o…

On September 26, the U.S. Department of Justice indicted Timur Kamilevich Shakhmametov and Sergey Sergeevich Ivanov, the operators behind Joker’s Stash and Rescator—two major underground carding shops. These platforms trafficked millions of stolen payment cards and personal data, profiting from breaches in retail and restaurant chains. Joker’s Stash was once the largest repository for stolen card data until its closure in 2021, while Rescator has long been linked to high-profile credit card breaches. The charges underscore the extensive reach of these operations, including money laundering and fraud through cybercriminal payment services. Read our full analysis of their operations and the impact of the indictment on the cybercrime landscape: flashpoint.io/blog/two-russi…

🚨 Telegram founder Pavel Durov’s recent arrest on August 26 at a Paris airport has ignited global discussions around privacy, platform responsibility, and content moderation. Following the arrest, Telegram announced significant policy changes, agreeing to share user data with law enforcement under valid warrants—marking a major shift from its previous privacy stance. With 900 million users and growing, this move has raised concerns among both legitimate users and cybercriminals. Underground communities are already discussing alternative platforms, sparking a potential migration. Read our full analysis of the implications of this shift, from the future of encrypted platforms to the potential exodus of threat actors to lesser-moderated spaces: flashpoint.io/blog/telegram-… #Telegram #Cybercrime

🛡️ We're excited to announce the launch of 'FP KEV,' a new feature within VulnDB and the Flashpoint Ignite platform. This update enhances your vulnerability and patch management strategy by pinpointing vulnerabilities actively exploited in the wild. With 3,384 vulnerabilities already identified, Flashpoint's KEV database offers more comprehensive coverage than CISA's KEV list, with only 1,169 vulnerabilities. This means you can ensure your remediation efforts are both targeted and effective. Key Enhancements: 🔹 'FP KEV' tag for clear identification of actively exploited vulnerabilities 🔹 Backfilling of Historical CVE Data for expanded coverage 🔹 Continual Dataset Enrichment for up-to-date intelligence In today's threat landscape, effective vulnerability intelligence is crucial. With ~40% of vulnerabilities having public exploits, prioritizing patching is more critical than ever. 'FP KEV' empowers you to prioritize with confidence, streamline workflows, and stay ahead of adversaries. Learn more about how 'FP KEV' can bolster your cybersecurity posture: flashpoint.io/resources/prod… #Cybersecurity #VulnerabilityManagement #ThreatIntelligence

As we approach International Women in Cyber Day on September 1st, it’s a time to reflect on the vital contributions of women in our industry and the importance of fostering diversity in leadership. At Flashpoint, we believe that empowering women and promoting gender diversity is not just a goal—it's essential to building stronger, more innovative teams that can tackle today’s toughest security challenges. In this spirit, we’re proud to highlight Meredith Hart, a Senior Customer Success Manager at Flashpoint, whose career trajectory is a shining example of resilience, adaptability and leadership. 🔗 Read about Meredith’s story to learn how she’s paving the way for women in cybersecurity, and join us in celebrating the incredible contributions of women in our industry as we gear up for International Women in Cyber Day. flashpoint.io/blog/celebrati… #IWCD2024 #WomenInCyber #CyberSecurity #IWCD

It’s an honor to take home the Bronze in the 9th annual  @TheStevieAwards for Great Employers, the “Olympics of HR,” in two categories: 📍 Creating a Winning Global Company Culture 📍 Impacting the Employee Lifecycle At Flashpoint, our culture is defined by our four core values which our team embodies daily: 🔸 Cultivate Customer Value 🔸 Execute as One Team 🔸 Pursue Excellence 🔸 Operate with Integrity Read more about Flashpoint's unique company culture and opportunities to join our team: flashpoint.io/about-us/caree… #TheStevieAwards #StevieWinner2024

Cybercriminals are cashing in on cloud vulnerabilities, and the stakes have never been higher. According to a recent @Forbes article featuring joint research by Flashpoint and @onapsis, ransomware incidents targeting business-critical cloud applications have surged by 400% since 2021. Even more alarming, discussions on exploiting these systems have skyrocketed by 490% on the dark web. CIOs and CISOs, it’s important to remember that compliance is just one part of the puzzle. Ensuring that your cloud systems are protected also means addressing unpatched vulnerabilities and misconfigurations. Is your organization prepared to defend against these escalating threats? 🚨 Dive into the full Forbes article to uncover the critical steps your security team must take to safeguard your cloud environment: forbes.com/councils/forbe… #CloudSecurity #Ransomware #CyberThreats

Two key players behind WWH-Club, a major Russian-language cybercrime forum, have been charged by US authorities for allegedly running an illicit enterprise helping more than 170,000 users buy stolen bank account numbers, hire hackers, and execute DDoS attacks. Despite these arrests, WWH-Club remains online and operational, quickly distancing itself from the accused and allowing members to change their screen names—a move likely intended to evade further scrutiny. This case offers a rare glimpse into the sophistication and resilience of cybercriminal networks, and it highlights the ongoing tug-of-war between law enforcement and threat actors. The recent resurgence of groups like ALPHV and LockBit, along with multiple takedowns of Breach Forums, demonstrate that while victories are possible, cybercrime is a perpetual cycle. As criminals become more organized, our strategies must evolve to meet the challenge. Read Flashpoint’s full analysis of these arrests and their impact on the cybercrime ecosystem, and how organizations can stay ahead of evolving threats: flashpoint.io/blog/wwh-club-… #CyberSecurity #ThreatIntelligence #Cybercrime

If you’ve been following the news lately, you've probably seen stories about massive data breaches impacting various sectors, from entertainment to financial services, leaking millions of users' sensitive information. While data breaches are not new, these high-profile breaches are shining a spotlight on the undeniable rise in infostealers. This malware can steal usernames and passwords, cookies, search history, financial information, and more from web browsers. Their simplicity, vast availability, and low costs have made them extremely popular among threat actors, making infostealers an increasingly primary vector for ransomware and other high-impact data breaches. Flashpoint’s Ian Gray explores the infostealer threat landscape and its implications for organizations with @WIRED. Read the full article here: wired.com/story/infostea… #Infostealers #Malware

Trust and Safety Teams must continually adapt to evolving online threats, staying ahead of new forms of harassment, misinformation, and cyber threats. Balancing free speech and safety requires navigating legal, ethical, and cultural considerations to ensure safe yet expressive platforms. Flashpoint empowers Trust and Safety Teams with the best data and intelligence available. Our solutions empower these teams with unparalleled access to relevant data, automated analysis, and expert intelligence. Top Challenges Facing Trust & Safety Teams: 🔸 Geopolitical concerns like news events, elections and conflicts 🔸 Artificial Intelligence (AI) improves threat actor capabilities 🔸 New laws and regulations Learn more about how Trust & Safety teams can benefit from Flashpoint Intelligence  at flashpoint.io #ThreatIntelligence #Flashpoint

In the midst of a pivotal political season, ensuring the safety of high-profile events is more critical than ever. Join us tomorrow for a briefing for law enforcement, public safety, and physical security professionals to address these challenges. Gain expert knowledge on: 🔍 Identifying risks to physical locations and events 🚨 Emerging threats to watch 📋 Top actions for Law Enforcement and Public Safety teams 🔗 flashpoint.io/events/preserv… #PhysicalSecurity #PublicSafety #ThreatIntelligence