Sandworm is a highly sophisticated Russian adversary, active since at least 2009, that has been attributed to Russia’s Main Intelligence Directorate (GRU) for Special Technologies (GTsST) military Unit 74455.
Sandworm …
Sandworm is a highly sophisticated Russian adversary, active since at least 2009, that has been attributed to Russia’s Main Intelligence Directorate (GRU) for Special Technologies (GTsST) military Unit 74455.
Sandworm …
Cyber threats are becoming increasingly sophisticated and frequent, making it imperative for organizations to leverage cyber threat intelligence to stay ahead of potential cyber attacks. Organizations across all industries are …
Summary: A recent supply chain attack conducted through multiple CDNs has been traced back to a common operator, impacting a large number of websites.
Threat Actor: Unknown | Supply Chain …
Phishing is a formidable–and financially devastating–threat costing organizations $4.76 million USD per breach on average. With a simple, deceptive email, adversaries can masquerade as trusted entities, tricking even savvy individuals …
Phishing is the weapon of choice for many adversaries. And it’s easy to understand why: Users fall victim to attacks in under 60 seconds on average, novice cybercriminals can launch …
Summary: This content provides an overview of Zeek, an open-source network analysis framework that operates as a versatile sensor to monitor network traffic and generate comprehensive logs and output for …
From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett …
Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or …
Winnti is a notorious adversary that has been operational since at least 2010 and is believed to be operating in coordination with or supported by the Chinese government. The group …
Summary: This content discusses the importance of process mapping in cybersecurity and how it can revolutionize understanding and managing the security landscape.
Threat Actor: N/A Victim: N/A
Key Point :…
On Substack, publications run by cybersecurity professionals and journalists with expertise in cybersecurity can help practitioners keep pace with developments in security operations and many other areas of cybersecurity.…
Summary: The BlackSuit ransomware gang has leaked stolen data from attacks against 53 organizations over the course of a year.
Threat Actor: BlackSuit ransomware gang | BlackSuit ransomware gang Victim: …
Summary: Security researchers have released a proof-of-concept exploit for a remote code execution vulnerability in Fortinet’s SIEM solution, which allows executing commands as root on Internet-facing FortiSIEM appliances.
Threat Actor: …
Artificial Intelligence (AI) is increasingly being integrated into various industries, and cybersecurity is no exception. This article delves into the potential of AI to transform the cybersecurity landscape, addressing …
Summary: Snowflake and Anvilogic have deepened their partnership to offer a joint solution that aims to disrupt the SIEM market and provide improved security operations and threat detection for business …
In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused …
Elastic Security Labs has identified an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining. Additionally, the team discovered …
Summary: This content discusses the features and deployment options of FortiSIEM, a SIEM solution that allows for log collection, correlation, automated response, and remediation.
Threat Actor: N/A
Victim: N/A
Key …
Summary: Palo Alto Networks is acquiring cloud security software assets from IBM as part of a broader partnership, which will provide Palo Alto with access to more consultants and a …
Summary: LogRhythm and Exabeam have announced a merger in the SIEM market, with the deal expected to close in the third quarter of this year.
Threat Actor: N/A
Victim: N/A…
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider …
Summary: This article discusses a network detection and response startup, Corelight, securing $150 million in Series E funding to enhance product innovation and cover future operations.
Threat Actor: N/A Victim: …
A collective awesome list of public (JSON) APIs for use in security.The list is supported by https://alexanderjaeger.deLearn about REST: https://github.com/marmelab/awesome-rest
Sample API used by hendryadrian.com https://www.hendryadrian.com/ransom/all.php
APIDescriptionAuthHTTPSLinkFree / CommercialAlexaAlexa Top…Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and …
Privileged Access Management (PAM) is a critical aspect of information security that focuses on controlling, managing, and monitoring the access and activities of privileged users within an IT environment. Privileged …
Email Security Appliances (ESAs) are hardware or software solutions designed to protect an organization’s email system from a wide range of email-based threats. These appliances play a crucial role in …
“There are too many firewall features available today; I am using Cisco ASA as an example for this firewall topic.” Cisco ASA is a versatile network security device that combines …
Content :
Introduction to SOC What is a Use Case in SOC? Use Case Life Cycle Use Case Management Challenges in Use Case Management Best Practices Introduction to SOC (Security…Summary: Global cybersecurity services provider Cyderes has acquired Ipseity Security, a Canadian company specializing in identity and access management (IAM).
Threat Actor: N/A
Victim: N/A
Key Point :
Cyderes has…Cyber threat intelligence (CTI) is a framework for collecting, processing, and analyzing information about potential or ongoing cyber threats.
Put simply, it’s the collection of various types of threat …
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data …
tldr: In this article, we take a deeper dive into a prevalent “DLL sideloading” attack technique we’ve been observing in …
This is part two in our series on building honeypots with Falco, vcluster, and other assorted open source tools. For the previous installment, see Building honeypots with vcluster and Falco: …
Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.
To reduce …
In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK …
In the first quarter of 2024, specialists from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. We could not find any …
Threat management is a process that is used by cybersecurity analysts, incident responders and threat hunters to prevent cyberattacks, detect cyberthreats and respond to security incidents.…
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (eg: into a SIEM)…Written by: Andrew Oliveau
Over the last several years, the security community has witnessed an uptick in System Center Configuration Manager (SCCM)-related attacks. From extracting network access account (NAA) credentials …
Security professionals are often overwhelmed by the number of management consoles or platforms they need to jump between on any given day. Automating and sharing information into existing workflows can …
GhostSec, a significant member of The Five Families, has garnered substantial attention with the latest research, following their recent twin ransomware attack with Stormous –another Five Families affiliated threat group. Researchers and the …
PRESS RELEASE
DENVER, March 5, 2024 – Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such …
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs …
Whether it is to support compliance efforts for regulatory mandated logging, to feed daily security operations center (SOC) work, to support threat hunters or bolster incident response capabilities, security telemetry …
In late 2022, 4 ransomware strains were discovered that are derived from Conti‘s leaked ransomware strain. One of them was Meow ransomware. The operation of this crypto-ransomware was observed from late …
This post is also available in: 日本語 (Japanese)
Executive SummaryMuddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise …
In today’s tech-driven world, APIs (Application Programming Interfaces) are like the connective tissue that allows different software to talk to each other, making our digital experiences seamless. But because they …
Sandworm is a highly sophisticated Russian adversary, active since at least 2009, that has been attributed to Russia’s Main Intelligence Directorate (GRU) for Special Technologies (GTsST) military Unit 74455.
Sandworm …