Does ChatGPT Change Infosec?

Author: Sylvia Killinen | Security Engineer | GRIMM It’s been widely commented that ChatGPT generates bullshit. That isn’t a pejorative phrase but rather a term of art, as in Herbert’s “On Bullshit,” which defines it as speech intended to persuade, regardless of its truth value. Bullshit is distinguished from lying by a lack of intent […]

Does ChatGPT Change Infosec? Read More »

threat actors cybersecurity

Professional evil: a glimpse into the tactics and motivations of malicious threat actors

There are plenty of articles detailing the uses of patience, creativity, and above all, learning from your failures. Those are all requirements for excelling in any technical field. Instead of rehashing that baseline, let’s take a look at how a threat actor might stage attacks to create the most extensive damage, regardless of the target.  

Professional evil: a glimpse into the tactics and motivations of malicious threat actors Read More »

Why You Should Care About Infrastructure Security Month

November is Critical Infrastructure Security & Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our nation’s critical infrastructure secure and resilient. This year’s theme is Infrastructure Security is National Security: Together We Can Drive Down Risk, Build Resilience, which covers the spectrum of infrastructure security.  So, why should you

Why You Should Care About Infrastructure Security Month Read More »

Old dog, same tricks

Introduction When enterprise software gets old, should we consider it tried-and-true, or decrepit and a threat, like the superglue holding the soles of my running shoes together? Old software that’s been humming around in the background hasn’t necessarily broken, but that doesn’t mean that you can necessarily trust it; in fact there should be a

Old dog, same tricks Read More »

The walls have ears

Modern business often relies heavily on the Internet and software resources such as Zoom or Skype to support daily operations. Use of such systems often requires additional hardware resources like microphones and cameras. Advances in computing has provided a pathway for these very ordinary hardware commodities to develop into resources that enrich user experience through

The walls have ears Read More »

Pulse Secure April Attack

Pulse Connect Secure vulnerability CVE-2021-22893 and other old vulnerabilities are being actively exploited. While GRIMM engineers were not able to obtain a device or the firmware for a full analysis, the device in question looks like a Linux-based rack-mounted server that sits inside the firewall and mediates all kinds of access for clients accessing it via a

Pulse Secure April Attack Read More »


GRIMM is pleased to announce the launch of their new Private Vulnerability Disclosure (PVD) program. This offering allows defenders to get ahead of the attack curve, instead of reacting to unknown threats, by providing previously unknown vulnerabilities. Subscribers will have access to a stream of high-impact vulnerabilities from GRIMM’s internal research team. Release timing will