Hummingbird Security

@HummingbirdSecurity
SaaS innovation for digital defense. Sign up for our newest product, Auth Sentry's Monitor tier for FREE ID Monitoring. Upgrade for complete, explainable investigations. Predictive intelligence +more

Something worth thinking about:

New phishing research shows attackers are now deliberately generating alert noise during the investigation phase, not to evade detection, but to delay response to it.

Alert fatigue isn't a staffing failure. It's becoming a calculated attack vector.
The fix isn't more analysts. It's detection that doesn't wait for a human to clear a queue.

We can help. ➡️ gethumming.io
Free tier & 7 day trials of premium features

#ITDR #InfoSec #CyberSecurity #IdentitySecurity

RE: https://infosec.exchange/@briankrebs/116216124330811608

Breaches can have far-reaching consequences - not just on your business, but on the lives of your customers. If you've been putting off adding a continuous identity monitoring layer to your existing security stack, now's the time - especially amid the current heightened attack cycle brought on by the conflict in Iran.

RE: https://infosec.exchange/@briankrebs/116211468548137252

As we mentioned in our threat bulletin, it is more important than ever for businesses to protect themselves - even if they earnestly believe that "hackers wouldn't care about their business" and they "wouldn't be a target." Read more and find out what you can do here: https://gethumming.io/blog/iranian-apt-threat-bulletin/

Five articles, one pattern: attackers aren't breaking through perimeters - they're walking through them with valid credentials.

MFA fatigue. Vishing coalitions. Graph-based lateral movement. Machine identity sprawl. Iranian APT credential campaigns.

Each piece maps a different entry point to the same post-auth gap.

Full series: gethumming.io/blog/

Free identity inventory: gethumming.io/monitor/

#infosec #ITDR #IdentitySecurity #CyberSecurity

Iranian APT attacks:

Phase 0: Reconnaissance
Phase 1: Low-and-slow password spray
Phase 2: Credential access
Phase 3: MFA/OAuth persistence
Phase 4: Privilege escalation
Phase 5: Data collection

Traditional tools detect events. Our analytics detect the shape of a campaign - before any 1 account threshold is crossed.

Our BA-IR-004 rule can fire while attackers are still testing credentials.
Earlier signal. More time to respond.

Full breakdown + detection methodology:
https://gethumming.io/blog/iranian-apt-threat-bulletin/

In most orgs, non-human identities outnumber humans 10:1.

Service accounts. Machine identities. OAuth tokens. Most are over-privileged. Many are forgotten.

You can't protect what you can't see.

Auth Sentry Monitor - free identity visibility, up in minutes.
authsentry.ai/register