Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Summary: Ransomware actors are increasingly targeting VMware ESXi bare metal hypervisors, exploiting SSH tunneling to maintain persistence and evade detection. These attacks can cripple organizations by encrypting files and rendering virtual machines inaccessible. Monitoring challenges related to ESXi logs further complicate detection and response efforts for system administrators.…
Read More
Malicious Software and Its Types
This article explores various types of malware, detailing their characteristics, examples, and consequences in the cybersecurity landscape. It covers viruses, worms, trojans, spyware, rootkits, ransomware, and cryptojacking, highlighting both historical examples and mitigation strategies. Affected: malware, computer systems, data security

Keypoints:

Malware is software developed to harm computer systems, steal data, or gain unauthorized access.…
Read More
Practical Application of the MITRE ATT&CK Framework for SOC/Cybersecurity Analysts: Mapping Techniques to Real-World Threats
This article highlights a significant gap in threat detection capabilities within SIEM technologies, which reportedly only cover 19% of the MITRE ATT&CK techniques. Focusing on the MOVEit Transfer attack in 2023, it illustrates the importance of the MITRE ATT&CK framework for cybersecurity analysts in mapping real-world threats, enhancing detection rules, and improving incident response strategies.…
Read More
Information Security Analyst
This article outlines the responsibilities of an Information Security Analyst at AIG, focusing on mitigating vulnerabilities like Log4j, preventing ransomware attacks, and implementing continuous monitoring. Key strategies included using resources from CISA for vulnerability assessments and creating custom tools for decryption. Affected: AIG, Cybersecurity & Infrastructure Security Agency (CISA), Apache Log4j, ransomware gangs

Keypoints:

AIG is an American multinational finance and insurance corporation with operations in over 80 countries.…
Read More
Managed Detection and Response – How are you monitoring?
Summary: Security Information and Event Management (SIEM) systems are essential for modern enterprise security, enabling organizations to detect and respond to cyber threats effectively. Smarttech247 highlights the challenges faced by traditional SIEM platforms and emphasizes the importance of advanced analytics and automation in addressing these issues.…
Read More
CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities – SOC Prime
Recent vulnerabilities in Ivanti Cloud Service Appliances (CSA) pose significant risks, allowing adversaries to exploit them through various chains. The CISA and FBI alert highlights the need for immediate action, as attackers have been able to gain access, execute remote code, and compromise sensitive networks. Affected: Ivanti Cloud Service Appliances, Enterprise Security

Keypoints:

Ivanti Cloud Service Appliances (CSAs) face critical vulnerabilities tracked as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380.…
Read More
CTI REPORT – LockBit 3.0
LockBit 3.0 ransomware primarily targets Windows systems, exploiting vulnerabilities in Active Directory and Microsoft Exchange Server. It employs various tactics for initial access, data encryption, and data exfiltration, threatening victims with public data leaks unless ransoms are paid. LockBit has been particularly active in sectors such as healthcare, finance, and critical infrastructure, leveraging advanced techniques to evade detection.…
Read More
From SIEM to Ticketing: Streamlining Security Operations with Cado’s Export Capabilities
Cado’s export capabilities enhance security operations by streamlining data flow between SIEMs, ticketing systems, and forensic platforms. This integration reduces manual errors, improves efficiency, and ensures timely incident resolution. Affected: Cado platform, SIEMs, ticketing systems

Keypoints:

Modern SOCs face challenges with manual data transfers and incompatible formats.…
Read More
Cisco warns of denial of service flaw with PoC exploit code
Summary: Cisco has issued security updates to address a denial-of-service (DoS) vulnerability in ClamAV, tracked as CVE-2025-20128, which could allow remote attackers to crash the antivirus scanning process. Although proof-of-concept exploit code is available, there is currently no evidence of active exploitation in the wild. The vulnerability affects the Secure Endpoint Connector software across various platforms, but overall system stability remains intact even if the vulnerability is exploited.…
Read More
Automating Threat Data Retrieval: How ThreatConnect, Polarity, and the TQL Generator are Changing the Game | ThreatConnect
This article discusses the challenges faced by CTI Analysts in investigating phishing campaigns and how tools like ThreatConnect, Polarity, and the TQL Generator can streamline workflows by automating data retrieval, enriching threat intelligence, and improving real-time collaboration. Affected: organizations, cybersecurity analysts

Keypoints:

CTI Analysts often struggle with slow manual processes when investigating threats.…
Read More

Summary: The video discusses the increasing importance of Identity and Access Management (IAM) in preventing data breaches, particularly through compromised credentials. It highlights the necessity of integrating prevention, detection, and response strategies within IAM systems to enhance security. The speaker introduces the concept of an Identity Threat Detection and Response (ITDR) system, detailing its three core phases: collect, detect, and respond.…
Read More
CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution
The article discusses the critical Microsoft Outlook vulnerability CVE-2025-21298, which allows remote code execution (RCE) through specially crafted emails. This zero-click flaw has a CVSS score of 9.8 and poses significant risks to email security. Immediate action is recommended, including applying patches and utilizing detection tools.…
Read More
Strategic Approaches to Threat Detection, Investigation & Response
Summary: The digital era presents both opportunities and challenges, with sophisticated cyber threats like ransomware and phishing campaigns posing significant risks to organizations. Threat Detection, Investigation, and Response (TDIR) has emerged as a vital strategy in modern cybersecurity, integrating advanced technologies and skilled professionals to enhance threat management.…
Read More
CISA shares guidance for Microsoft expanded logging capabilities
Summary: CISA has released guidance for government agencies and enterprises on utilizing expanded cloud logs in Microsoft 365 for forensic and compliance investigations. The new Microsoft Purview Audit (Standard) logging capabilities enhance threat-hunting efforts, particularly in response to a significant Exchange Online breach attributed to the threat actor Storm-0558.…
Read More
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Keypoints:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
Read More
VMware ESXi Logging and Detection Opportunities
This article discusses the unique challenges faced by Detection Engineers in securing ESXi environments, which often lack adequate security controls. It highlights the importance of effective log sources, common adversary techniques, and provides a Python-based CLI tool for automating detection tasks. Affected: ESXi

Keypoints:

ESXi environments are often considered legacy and may lack effective maintenance and security controls.…
Read More

➡️ Pre-requisites
⭐ Introduction to Malware Analysis: https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Introduction-to-Malware-Analysis.md
⭐ Malware Analyst Guide 2024: https://youtu.be/tUsx0I0TK54
➡️ Malware Analysis Projects
⭐ Static Analysis of a Simple Malware Sample: https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Project Static Analysis of a Simple Malware Sample.md
⭐ Analyzing FTP Log Files Using Splunk SIEM: https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%232-analyzing-ftp-logs-using-splunk-siem.md
⭐ Analyzing HTTP Log Files Using Splunk SIEM: https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%233-analyzing-http-logs-using-splunk-siem.md
⭐ …

Read More
What is IOC? Tracking Threats in Cybersecurity
Indicators of Compromise (IoCs) are critical technical indicators that help detect abnormal behaviors in systems, networks, or devices, aiding in the identification of malicious activities and facilitating effective responses to threats. They play a vital role in early threat detection by cybersecurity teams. Affected: None

Keypoints:

IoCs are crucial for identifying traces of cyberattacks.…
Read More