top of page

Services
Professional services
Security Risk Assessment
Customized risk and compliance gap assessments with a tailored roadmap to address gaps and vulnerabilities.
Virtual CISO (vCISO)
Expert security leadership that assesses, addresses, and continually improves your security posture and compliance, all at a fraction of the cost of a full-time CISO.
Penetration Testing
Comprehensive penetration testing to uncover vulnerabilities and reinforce your defenses before attackers can exploit them.
Incident Response
Incident response plan development and testing, paired with rapid, expert action to contain security incidents, minimize damage, and maintain compliance with industry standards.
Managed Services
Third-Party Risk Management
Securely manage vendor relationships from start to finish.
Security Awareness Training
Empower your team to recognize threats.
Email Security
Protect your inbox from phishing and spam.
Vulnerability Management
Continuous scanning and alerts for swift risk remediation.
Managed Detection & Response (MDR)
Quickly detect, respond, and recover from advanced threats.
Password Management
Secure, manage, and simplify passwords.
Dark Web Monitoring
Monitor exposed data before it’s used against you.
Industry
Healthcare
Ensure patient trust with robust data protection and compliance.
Financial Services
Safeguard financial data while meeting compliance at every level.
K-12 Education
Enhance student safety and privacy while supporting educational goals.
Framework
HIPAA
SOC 2
Additional frameworks
Simplify security: How to build your security program with NIST CSF 2.0
Download the ebook
Resources
Resources
Blog
Stay updated with the latest trends and insights in cybersecurity. From industry news to expert analyses, our blog keeps you informed.
Podcast
Listen to expert discussions on pressing cybersecurity issues. Featuring interviews and practical advice, our podcast keeps you engaged and informed.
Security community
Stay updated with the latest security news and join the conversation. Connect with peers, share insights, and leave comments on the most recent updates.
Guides and reports
Access comprehensive guides and reports with actionable insights and strategies to improve your security stance.
Master HIPAA: How to achieve compliance with our ultimate guide
Download the guide
Company
Contact
Partners

Free Cybersecurity Review

To test this feature, visit your live site.

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

Who:

Suspected Chinese state-sponsored Advanced Persistent Threat (APT) actors.
U.S. Treasury Department.
BeyondTrust (third-party software service provider).

What:

A major cybersecurity incident where threat actors accessed U.S. Treasury systems and unclassified documents.
The incident involved the exploitation of a BeyondTrust API key.
The breach affected the Office of Foreign Assets Control (OFAC) and the Office of the Treasury Secretary.

How:

The threat actors gained access to a BeyondTrust API key used to secure a cloud-based service for remote technical support.
With the stolen key, they overrode the service's security and remotely accessed certain Treasury Departmental Offices (DO) user workstations and unclassified documents.
BeyondTrust's investigation revealed attackers reset passwords for local application accounts using the API key.
The Treasury Department, CISA, and FBI are investigating, and BeyondTrust has taken steps to mitigate the breach.

Read the full article HERE

0 comments

Like

Comments (0)

bottom of page